Working for fun
It’s been interesting these last few weeks. I’ve got a couple of projects in the works. One is an iPhone/iPod Touch app. I’m putting this on hold for my other app I’m writing in C#/AJAX/.Net 3.5. This app is a little more relevant to what I am doing day to day in training so it’s going to take priority. I am going to be extending the dropthings.com portal, into what I don’t know.
NASIG is coming along, nicely I’m not sure, but nonetheless it’s working out.
Running is going great. I’ve also gotten into Mt. Biking and having a great time at it.
Well that’s that.
May 13th Meeting – Integrate Security into your QA Cycle
The following was politely stolen from Andy IT Guy.
Please plan on attending this month and please take a moment and let us know if you will be there so we can have an accurate count for food. Send an email to Meetings-Atlanta@naisg.org and we will add you to the list.
DATE: Wednesday, May 13th
TIME: 7pm (Networking, Food & Drinks); 730pm (Presentation)
LOCATION: MARTA Bid Room
TOPIC:
Integrating Security into Your QA Cycle
In this interactive discussion, Errata Security co-founders Rob Graham and Dave Maynor will share tips on how – and why – to integrate security into your QA cycle. They will engage the audience with a Top 10 list of tweaks and tricks to make sure products ship bug free, and maintain the highest level of security and quality. They also will discuss a list of free tools available to help with this process.
Robert Graham: Founder & CEO
Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats. He is the author of several pending patents in the IDS field. He is the author of well-regarded security-related documents http://www.robertgraham.com/pubs and is a frequent speaker at conferences. Prior to founding Errata Security he co-founded, was the CTO, and chief-architect at Network ICE (now owned by ISS).
David Maynor: Founder & CTO
David Maynor is a founder of Errata Security and serves as the Chief Technical Officer. Mr. Maynor is responsible for day-to-day technical decisions of Errata Security and also employs a strong background in reverse engineering and exploit development to produce Hacker Eye View reports. Mr. Maynor has previously been the Senior Researcher for Secureworks and a research engineer with the ISS Xforce R&D team where his primary responsibilities included reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS Maynor spent 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. Before that Maynor contracted with a variety of different companies in a wide spread of industries ranging from digital TV development to protection of top 25 websites to security consulting and penetration testing to online banking and ISPs.
Errata Security: Mission
Errata Security is a privately held firm started in 2006 by experts in the cybersecurity industry. The mission of Errata Security is to give access to the skills and talent of cutting edge researchers to companies that don’t want to staff their own research team. This mission is accomplished through consulting with clients through professional services, product testing and verification, and the Hacker Eye View service that provides in-depth analysis of events and vulnerabilities that affect today’s IT staff.
NASIG Meeting March 11th – Virtualization Security
The Atlanta Chapter of NAISG will be holding its next meeting on Wednesday, March
11th at 7:00 PM. Food and refreshments will be provided by
Stonesoft – http://www.stonesoft.com/us/.
Presentation Topic: Virtualization – Failure to Plan = Planning to Fail
Virtualization offers organizations improved efficiencies, lower
energy costs and consolidation of data centers. Unfortunately, failing to
include security with your virtualization plans is nothing but planning to
endure virtual security breaches. The speaker will lead a discussion on the
different approaches that organizations are taking to secure their virtual
environments.
Greg Mead is a senior solutions architect for Stonesoft Inc. Greg has more
than 19 years of experience in senior solutions architect and sales
engineering roles in the information technology industry, including more
than 10 years in systems security. Prior to joining Stonesoft, Mead held
positions with Compuware, Nortel Networks, Intrusion.com, Group
Technologies Corp., and Computer Advantage, Inc. Mead is a certified
information systems security professional (CISSP).
If you have not yet done so, please send a courtesy e-mail to
Meetings-Atlanta@naisg.org indicating that you plan to attend the
meeting so that we can order the correct quantity of pizza.
Location:
MARTA Headquarters
2424 Piedmont Rd.
Atlanta, GA 30324
It’s at the intersection of Piedmont Rd. and Morosgo Dr. across from
the twin AT&T towers. This is the location of the Lindburgh Station.
The meeting will be held in the Bid Room on the first floor. You will
have to sign in at the security desk.
3. THINGS TO COME
Everyone should also look forward to April’s meeting. We are talking
with the guys over at xtremesecurity.com about presenting. They are
pentest gurus and we are looking forward to hearing what they have to say.
PowerShell: Bolts, Nuts, and Washers
In the PowerShell Overview Post we discussed what PowerShell is and got it installed on the machine. Now let’s talk basics: variables, cmdlets, and aliases.
First, a little about objects and classes. An object isn’t necessarily just data. It is something we are going to be working with, like a service. This service has properties and methods associated with it. To see this we can try the following…
get-service – lists the services on the computer
get-service | get-member – lists the properties and methods associated with an object returned by get-service.
These objects are represented by a class. The class is a blueprint or recipe for an object. Say we wanted to bake a cake. Well, we’d follow a recipe to make a cake. In this analogy the cake is the object and the recipe is the class. Also, in the example above we used the “ | ” character. This is called a pipe and it allows us to pass the output of one cmdlet as the input to another. The get-member cmdlet will list all of the properties (attributes of the object, e.g. DisplayName) and methods (operations the object performs, e.g. Stop). So if we only wanted to see the properties then we would use the following:
get-service | get-member -membertype property
This command will only list the properties we have available to us. Pretty awesome, but we can do more. We can use what’s called dot notation to access some of these properties. We’ll use the get-date cmdlet here.
get-date – returns the date and time.
get-date | get-member -membertype property
(get-date).year
Ok, so we’re getting a feel for objects, their properties and methods. Now let’s explore the cmdlet a little. The cmdlet naming convention is verb-noun. They are found in DLLs and there are quite a few provided and more can be added. The PowerShell Community Extensions are a must and I’d recommend adding them. They add things like:
Get-ADObject
Get-DomainController
Set-FileTime (touch)
New-Shortcut
And scripts:
ConvertFrom-WmiDateTime.ps1
Export-History.ps1
There’s a lot more, but it should give you an idea of what’s there. So in keeping with the naming convention, how do you think we can get a list of commands? That’s right, Get-Command, and what is even cooler…we can specify parameters that stipulate the kind of cmdlet we’d like.
Get-Command
Get-Command -Verb set
Get-Command -Noun item
All of the topics we just discussed, coupled with the Get-Help cmdlet, make for a pretty good way of figuring out what we have at our disposal. Which is good, but this is still a lot of typing. For instance, say I wanted to view the contents of my current directory. Well, there’s a cmdlet for that: Get-Childitem. That’s not an improvement over the “dir” command, is it? Well, it is, because we can still use “dir”. Try it…yep, it still works, but no, this is not the dir command you run from the DOS prompt. It’s actually an alias of the Get-Childitem cmdlet. If you’re a *nix guy then you have the same problem I do when in DOS…typing things like “ls”. Well, there’s an alias for this too. Yea, I love aliases.
Get-alias – shows a list of aliases and the cmdlet each alias points to.
Set-alias – allows you to set your own aliases.
And that leaves variables. Variables are storage containers to which we can assign a value, object, or collection. They can be strongly or loosely typed. Strongly typed means we specify the type of value the variable holds, like an int (integer). Loosely typed means we just leave it to PS to figure out. To create a variable we prefix its name with a “$” to denote it as a variable.
$netLogon = get-service netlogon
($netLogon).status
Well I think we can just about call this in the bag. Play around with these topics because we’ll be using them…
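To tie the pieces of this post together, here is an added example (not code from the original post) that pipes service objects through a filter, uses a strongly typed and a loosely typed variable, and resolves what a name like “dir” or “ls” really runs. The function name Resolve-CommandName and the variable names are made up for illustration. Aliases are resolved before cmdlets and external programs, so checking what a short name points to is worth doing on a machine you didn’t set up yourself.

```powershell
# Added example: objects, the pipeline, typed variables and aliases in one script.
# Names such as $maxRows and Resolve-CommandName are illustrative, not from the post.

# Strongly typed: assigning something that cannot convert to an integer is an error.
[int]$maxRows = 5

# Loosely typed: PowerShell works out that this holds ServiceController objects.
$services = Get-Service

# Pipe the objects along, filter on a property, then keep only the properties we want.
$running = $services |
    Where-Object { $_.Status -eq 'Running' } |
    Sort-Object -Property DisplayName |
    Select-Object -Property Name, DisplayName, CanStop -First $maxRows

# Group-Object counts how many services are in each Status value.
$byStatus = $services | Group-Object -Property Status | Select-Object -Property Name, Count

# Report what a command name actually resolves to (alias, cmdlet, function, application).
function Resolve-CommandName {
    param([string]$Name)

    $cmd = Get-Command -Name $Name -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($null -eq $cmd) {
        return "$Name : not found"
    }
    if ($cmd.CommandType -eq 'Alias') {
        # Dot notation again: Definition is the cmdlet the alias points to.
        return "$Name -> $($cmd.Definition) (alias)"
    }
    return "$Name : $($cmd.CommandType)"
}

$running  | Format-Table -AutoSize
$byStatus | Format-Table -AutoSize
'dir', 'ls', 'Get-ChildItem' | ForEach-Object { Resolve-CommandName -Name $_ }
```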
PowerShell Overview
I’m going to be working with PowerShell some this week and thought I would post about what I think. I’m a C# guy and know my way around the .Net Framework so we’ll see. I’ll also post some links to sites that lend a hand on this journey. So let’s set out, but first: Pandora > Cake Radio … Golden.

PowerShell is an interpreted programming language that uses .Net classes and is highly extensible. What the heck does that mean? It’s an object-oriented scripting language with a lot of power. It’s supported on Windows XP, Windows Server 2003, Windows Vista, and ships with Windows Server 2008. Oh, and there are x86, x64 and Itanic…I mean Itanium-based builds. Awesome, so we have to install it to use it on all the machines we intend to run scripts on. This in my opinion is a design flaw in that we can’t run cmdlets against remote machines, but I digress (and we’ll define cmdlets soon).
So, take an administrator who understands automation and where it fits in the organization. I’ve had the opportunity to work with a few in large organizations. I’ve seen server teams consisting of 14 or more people doing deployments that take weeks cut that time down to hours. All by using scripting…Not a huge surprise to those of us who are in the know. Now this was using VBScript and WMI. And these scripts can range in length anywhere from 50 to 500 lines of code. That’s a lot of script to maintain…We’ve taken these scripts, ported them to PS and seen them reduced to oh 1 to 15 lines of code. Yea that’s the power part of PowerShell.
What other objects do we get to use while writing PS scripts? COM and WMI objects of course, but here again I get ahead of myself. PS can also be extended in different ways. We can add 3rd party providers, for instance a VMware provider to manage your VM infrastructure from PS. Also, we can create our own cmdlets. The SQL Server cmdlets are a great example of this. These allow us to manage the SQL Servers we have lying around. You want an example of this, you say? OK, Invoke-Sqlcmd -Query does just what you’d expect. It allows us to query our SQL Server metadata or databases…sweeet!
Let’s get to installing. First make sure you have at least .Net 2.0 installed (3.5 is current). Then go out and download PS from here. The installation is a piece of cake, so don’t sweat it. There are a couple of things to note. The default location of PowerShell is C:\Windows\System32\WindowsPowerShell\v1.0. Here you will find the configuration files, and we will be doing some PS-foo with them later.
The first hurdle we run into with running a script is the execution policy. It’s set to Restricted by default, which prevents us from running .PS1 files. The PS1 file extension represents a PS script. There are a couple of cmdlets that allow us to view and change this policy.
get-executionpolicy – this shows what the policy is set to. More info here.
set-executionpolicy – allows us to change the policy. More info here
The policies that set-executionpolicy accepts can be found here, but for our discussion “RemoteSigned” will do the trick. This allows us to run scripts, but requires a digital signature for scripts that are run from a remote location. We’ll be running our script from our local machine, so this should suffice. A parameter we should note is the “-whatif” switch. This allows us to simulate what would happen if we executed the command. This handy little switch is around a lot and I’ll do my best to point it out.
So there’s a quick overview of Powershell.
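Here is an added example (not from the original post) that walks through the execution policy steps above and then reports, for every .ps1 file in a folder, whether it is signed and whether it is marked as downloaded. It assumes Windows with PowerShell 3.0 or later, since -Scope, -List, -File and -Stream are not in the v1.0 release this post installs; Get-ScriptTrustReport and its RunsUnderRemoteSigned column are made-up names and only an approximation of the decision PowerShell makes. Keep in mind that Microsoft describes the execution policy as a safety feature, not a security boundary.

```powershell
# Added example: view the policy, simulate a change, and see which scripts RemoteSigned
# would let through. Assumes Windows and PowerShell 3.0+; names here are illustrative.

function Get-ScriptTrustReport {
    param([string]$ScriptDir = '.')   # hypothetical default: the current folder

    Get-ChildItem -Path $ScriptDir -Filter *.ps1 -File | ForEach-Object {
        # Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        # Downloaded files carry a Zone.Identifier stream; ZoneId 3 or 4 means
        # the Internet or Restricted zone, which is what "remote" means here.
        $zone = Get-Content -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $fromInternet = [bool]($zone -match 'ZoneId=[34]')

        [pscustomobject]@{
            Script                = $_.Name
            SignatureStatus       = $sig.Status
            Downloaded            = $fromInternet
            # Approximation: local scripts run; downloaded ones need a valid signature.
            RunsUnderRemoteSigned = (-not $fromInternet) -or ($sig.Status -eq 'Valid')
        }
    }
}

# What is the policy right now, and at which scope is it set?
Get-ExecutionPolicy
Get-ExecutionPolicy -List

# Simulate the change first; -WhatIf prints what would happen and changes nothing.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -WhatIf

# Review the scripts before relying on the policy to sort them out.
Get-ScriptTrustReport -ScriptDir '.' | Format-Table -AutoSize
```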
New Feed by Feedburner…
I’ve got a new feed; if you’ll update, it’d be great. Sorry for the inconvenience.
A day in the life of…
It’s been a fairly productive day. I’ve rebuilt my MacBook completely from scratch. Not only that, I’ve set it up to triple boot Ubuntu, Windows, and Mac OS X. I’m using rEFIt to make my life a little easier on that front. Thanks Kev! I’ve also made some headway on reconciling my social network: Facebook, Twitter, FriendFeed, Del.icio.us, etc… Played a little more over at Amazon’s EC2, watched the latest episode of Fringe, listened to the latest episode of Paul dot com Security Weekly, I got twhirl up and running, and worked through some exception handling stuff in C#.
Good times.
Twitter Error “Username can’t include Admin”…
Umm…yes it can…I’ll prove it. http://twitter.com/adminian
Here’s a screenshot of the error I received today while trying to change the design of my page at Twitter:
I imagine this is a recent validation rule. I’ve been using Twitter since .. well … before you I bet. I’ve never had this issue. I guess I will contact twitter and tell them to make me the exception…Think they will?
NASIG January 14th Meeting – End Point Security
*******************************************************************************************
National Information Security Group (NAISG) Atlanta, Ga. Chapter
*******************************************************************************************
In this newsletter:
1. What is NAISG?
2. January Meeting
3. Things to come
4. Chapter Leadership
5. Spread the word
6. Looking for Presenters and Sponsors
7. Online Resources
8. Network with other NAISG members on LinkedIn
*******************************************************************************************
1. WHAT IS NAISG?
The National Information Security Group (NAISG) is pleased to announce that it will be launching a chapter for the metropolitan Atlanta area. NAISG is an information security association with members and chapters around the world and which offers security presentations, networking opportunities and other resources. Unlike other security organizations, there are no dues, fees or qualifications associated with membership. Please join us at our chapter’s kickoff meeting to learn more about our group and the valuable resources that it can offer you. Oh, and did we mention the free pizza?
2. JANUARY MEETING
The Atlanta Chapter of NAISG will hold its kickoff meeting on January 14th at 7:00 PM. Pizza and refreshments will be provided by Symantec.
Presentation Topic: The talk will be given by Renault Ross of Symantec. He will be speaking on End Point Security and NAC.
If you have not yet done so, please send a courtesy e-mail to Meetings-Atlanta@naisg.org indicating that you plan to attend the meeting so that we can order the correct quantity of pizza.
Location:
MARTA Headquarters
2424 Piedmont Rd.
Atlanta, GA 30324
It’s at the intersection of Piedmont Rd. and Morosgo Dr. across from the twin AT&T towers. This is the location of the Lindburgh Station. The meeting will be held in the Bid Room on the first floor. You will have to sign in at the security desk.
3. THINGS TO COME
The members of the Advisory Counsel and I are very excited about some of the future presenters and topics. We are looking forward to having some of the top talent from the Atlanta area come and present on topics ranging from Compliance issues to Encryption.
4. CHAPTER LEADERSHIP
Ian Philpot – Atlanta Chairperson
Andy Willingham – Advisory Counsel
Renault Ross – Advisory Counsel
5. SPREAD THE WORD
If you know of individuals who would like to join our chapter or form new ones in their area, please point them to http://www.naisg.org for signup information.
6. LOOKING FOR PRESENTERS AND SPONSORS
The Atlanta chapter is looking for people interested in presenting to our group. The presentation must be vendor neutral and is not an opportunity to promote one vendor or solution over another. We are also looking for Sponsors willing to provide us a permanent Location to host the meetings. We’re expecting this group to grow and attract many of the best security experts in the area and will be great exposure for any company. We anticipate 20-50 people to attend regularly based on other groups performance.
7. ONLINE RESOURCES
NAISG has just reformatted its Resources page, breaking it down by category such as antivirus, antispam, firewalls, etc. We are soliciting white papers, blog URLs, products to list and more to add as resources to these pages, so please send these our way and we’ll add your listing. And of course, we continue to maintain the Internet bandwidth test utility as one additional tool available to our membership. This tool is hosted on our own server and provides accurate readings of upload and download speeds. Just click the Start button on the page to initiate the test. http://www.naisg.org/Resources.
8. NETWORK WITH OTHER NAISG MEMBERS ON LINKED-IN
Join more than 1,230 other NAISG members on LinkedIn at http://www.linkedin.com/e/gis/43269/7DC2303017E0.
*******************************************************************************************
2009 Goals
I’ll be working on making these SMART, but for now here is my quick brainstorm.
- Spend more time with family
- Learn Spanish
- Rock climb with some friends
- Leave the country for vacation
- Run at least six 5K races
- Get in two or three good hunts
- Become more proficient at C#
- Design better interfaces with .Net 3.5
- Upgrade my MCPD to the MCSD
- Dive deeper into SQL Server BI
- Officially get the Atlanta Chapter of NASIG off the ground
Just a quick brainstorm, no real order or firm commitments…yet. Last year the major accomplishment was quitting smoking – FINALLY!!! That is quite the list, I know. Any one of those items could be large enough to turn into a lone project, but that would be too easy.
My New Year’s resolution five or six years ago was simply “To better myself”. Every year since, my resolution has been “To keep it up”. I think I’ve had pretty good success there. Hope everyone has had a great year and is looking forward to all that 2009 has in store for us…
