<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Brooks Garrett</title>
    <link>https://brooksgarrett.com/</link>
    <description>Recent content on Brooks Garrett</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <lastBuildDate>Tue, 14 Sep 2021 00:00:00 +0000</lastBuildDate><atom:link href="https://brooksgarrett.com/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>DIY Clamps for Amp Rack in Can Am Defender</title>
      <link>https://brooksgarrett.com/blog/diy-defender-clamps/</link>
      <pubDate>Tue, 14 Sep 2021 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/diy-defender-clamps/</guid>
      <description>We&amp;rsquo;ve recently begun the process of kitting out our Can Am Defender with tower speakers and bed based subwoofers. Fitting all the racks in a somewhat dry place is difficult anywhere except the roof so I set out to design and build an amp rack that didn&amp;rsquo;t look like it was something I made. My current idea is to mount up a couple pieces of plywood and black them out with truck bed liner to seal them against moisture.</description>
    </item>
    
    <item>
      <title>May 2021 Log</title>
      <link>https://brooksgarrett.com/strenuous/sl052021/</link>
      <pubDate>Sat, 01 May 2021 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/strenuous/sl052021/</guid>
      <description>18 May 2021
Fitness: StrongLifts 5x5 A
Good Deed: Picked up Trash</description>
    </item>
    
    <item>
      <title>The Complete Node.js Developer Course (2nd Ed.)</title>
      <link>https://brooksgarrett.com/reviews/mead-complete-nodejs/</link>
      <pubDate>Thu, 09 Mar 2017 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/reviews/mead-complete-nodejs/</guid>
      <description>Basic Info
Link: https://www.udemy.com/the-complete-nodejs-developer-course-2
Instructor: Andrew Mead
Price: $85 (Often on sale for $15)
Format: Online / Video
Certificate: Yes
Overall Score: 9/10
Summary review
I came across this course while taking Andrew&amp;rsquo;s other class, The Complete React Web App Developer Course. During the React class I kept wanting to understand how the React App would interact with a backend API so I purchased this course on sale and dove in.</description>
    </item>
    
    <item>
      <title>Privacy Statement</title>
      <link>https://brooksgarrett.com/privacy/</link>
      <pubDate>Mon, 23 Jan 2017 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/privacy/</guid>
      <description>PRIVACY STATEMENT
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our page, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our page, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.</description>
    </item>
    
    <item>
      <title>Developing for Alexa</title>
      <link>https://brooksgarrett.com/blog/developing-for-alexa/</link>
      <pubDate>Wed, 04 Jan 2017 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/developing-for-alexa/</guid>
      <description>For my first 1 Project Per Month Challenge I took a previous idea and ported it so I can retrieve information from our new Echo Dot. There are guides on building your first Alexa skill so I&amp;rsquo;ll only cover the unique things I stumbled on while developing my first skill.
The goal is to create a skill for Alexa that will retrieve the Fire Danger Class for a nearby tower. This information is most useful for people who:</description>
    </item>
    
    <item>
      <title>Narcan and You</title>
      <link>https://brooksgarrett.com/blog/narcan-you/</link>
      <pubDate>Fri, 09 Dec 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/narcan-you/</guid>
      <description>Opioid abuse is an epidemic.
I&amp;rsquo;ve seen countless debates rage on firefighter forums I visit debating whether rescue services should be equipped with Narcan. One side suggests that people who continually abuse opioids become complacent when they know Narcan is a phone call away. Others suggest that if we have a tool that consistently and safely saves lives then we should use it. My department hasn&amp;rsquo;t had a ton of opioid abuse cases so I wasn&amp;rsquo;t familiar with either argument.</description>
    </item>
    
    <item>
      <title>My Thoughts on Pebble</title>
      <link>https://brooksgarrett.com/blog/thoughts-on-pebble/</link>
      <pubDate>Thu, 08 Dec 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/thoughts-on-pebble/</guid>
      <description>In case you missed the news this week, Pebble is no more. Every report seems to indicate that post-acquisition, Pebble will no longer produce smart watches. That&amp;rsquo;s not a terribly surprising move when you look at the larger market. LG is pulling out and Moto says NoMo. With a Pebble exit, Apple and Samsung are really the only major players remaining. A recent Gartner study gives pretty compelling evidence as to why the mass exodus is occurring.</description>
    </item>
    
    <item>
      <title>Capturing Session Keys for Wireshark</title>
      <link>https://brooksgarrett.com/blog/session-keys-for-wireshark/</link>
      <pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/session-keys-for-wireshark/</guid>
      <description>Decrypting HTTPS can be a real pain in Wireshark. I found an article that describes having Chrome or Firefox dump Session Keys for you which Wireshark can then load and use to decrypt TLS sessions. Based on that article I roughed up the below PowerShell function so I can selectively dump Session keys when I want to and with the browser I choose. By default I use Chrome but by passing an argument (2) to the function I can instead switch to Firefox.</description>
    </item>
    
    <item>
      <title>NIST Deprecates SMS 2FA</title>
      <link>https://brooksgarrett.com/blog/nist-deprecates-sms/</link>
      <pubDate>Tue, 26 Jul 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/nist-deprecates-sms/</guid>
      <description>While you were sleeping, NIST has released their latest public draft of SP 800-63 on GitHub.
Among the changes is this comment regarding SMS messages as an Out of Band (OOB) token for 2 Factor Authentication.
From SP 800-63B Section 5.1.3.2
 Due to the risk that SMS messages may be intercepted or redirected, implementers of new systems SHOULD carefully consider alternative authenticators. If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service.</description>
    </item>
    
    <item>
      <title>Schedule Outlook Appointments in Powershell</title>
      <link>https://brooksgarrett.com/blog/outlook-appt-in-powershell/</link>
      <pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/outlook-appt-in-powershell/</guid>
      <description>Here is a simple script to schedule Outlook appointments from Powershell. I use this to automate reminders to myself during the day&amp;hellip;
# Attach to Outlook through COM (needed before $outlook can be used)
$outlook = New-Object -ComObject Outlook.Application
# Find the mailbox, then its Calendar folder
$folder = $outlook.Session.folders |where-object {$_.Name -eq &amp;#39;email@work.com&amp;#39;}
$cal = $folder.Folders |? {$_.Name -eq &amp;#34;Calendar&amp;#34;}
# 1 = olAppointmentItem
$appt = $cal.Items.Add(1)
$appt.Start = [datetime]&amp;#34;06/30/2016 17:00&amp;#34;
$appt.End = [datetime]&amp;#34;06/30/2016 17:30&amp;#34;
$appt.Subject = &amp;#34;Dinner&amp;#34;
$appt.Save()
This script demonstrates the basic usage. I&amp;rsquo;m doing a bit more by saving it as a function in my profile.</description>
    </item>
    
    <item>
      <title>ZFS Sandbox in Hyper-V</title>
      <link>https://brooksgarrett.com/blog/hyperv-zfs-sandbox/</link>
      <pubDate>Mon, 27 Jun 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/hyperv-zfs-sandbox/</guid>
      <description>ZFS has arrived on Ubuntu 16.04 LTS and that means it&amp;rsquo;s time to upgrade my NAS. Since my NAS houses all my kids&amp;rsquo; pictures I want it to be redundant but performant. I like the ability to dedup as well as snapshot (and remotely backup those snapshots) that ZFS offers. Before I actually trust my data to a new technology I need to be sure I know how it behaves when it crashes.</description>
    </item>
    
    <item>
      <title>Docker in Azure</title>
      <link>https://brooksgarrett.com/blog/docker-in-azure/</link>
      <pubDate>Tue, 14 Jun 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/docker-in-azure/</guid>
      <description>I&amp;rsquo;m playing with Docker and have it set up locally in Hyper-V for testing. I really want to have a public/internet facing host though. I remembered I had some free Azure credits from my MSDN Subscription so that&amp;rsquo;s where I&amp;rsquo;m getting started.
Things I have:
 MSDN Account
 Azure Account
 Docker Toolbox installed
 My Powershell Profile
First, use Docker Machine to establish your Docker VM in Azure. Of important note are the -d (driver) argument and the Subscriber ID.</description>
    </item>
    
    <item>
      <title>Powershell Profile</title>
      <link>https://brooksgarrett.com/blog/powershell-profile-one/</link>
      <pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/powershell-profile-one/</guid>
      <description>I&amp;rsquo;ve nearly exclusively used Linux for all blogging, development, and research. The Bash command line is just too powerful to ignore. Now with Microsoft making major strides to improve PowerShell I&amp;rsquo;m finding myself spending more and more time on my Windows machine.
This is my profile for Windows machines. Supports docker on the command line, rust and cargo, and generally lets me do whatever I want. I really haven&amp;rsquo;t been missing Linux lately.</description>
    </item>
    
    <item>
      <title>Screenshot to S3</title>
      <link>https://brooksgarrett.com/blog/screenshot-to-s3/</link>
      <pubDate>Mon, 29 Feb 2016 11:19:26 -0500</pubDate>
      
      <guid>https://brooksgarrett.com/blog/screenshot-to-s3/</guid>
      <description>I&amp;rsquo;ve been writing in pure markdown for a while and one portion of my workflow still gives me trouble.
Images.
Today I threw together a simple solution for managing images and thought I&amp;rsquo;d share in case someone else has issues.
Tools I&amp;rsquo;m using:
 Atom Editor
 s3cmd
 S3 Browser
 Greenshot
 Python 2.7
 Custom PowerShell
I publish in Atom. I host in S3. All my rich content (image, video, presentation, etc.</description>
    </item>
    
    <item>
      <title>Windows with Git</title>
      <link>https://brooksgarrett.com/blog/windows-with-git/</link>
      <pubDate>Sun, 28 Feb 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/windows-with-git/</guid>
      <description>I&amp;rsquo;ve nearly exclusively used Linux for all blogging, development, and research. The Bash command line is just too powerful to ignore. Now with Microsoft making major strides to improve PowerShell I&amp;rsquo;m finding myself spending more and more time on my Windows machine.
Running a VM just for git and vim is a silly thing to do. I spent about 10 minutes getting git working on my Windows laptop and getting my blog workflow up and running.</description>
    </item>
    
    <item>
      <title>Wish List</title>
      <link>https://brooksgarrett.com/wishlist/</link>
      <pubDate>Thu, 25 Feb 2016 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/wishlist/</guid>
      <description>I have friends from all around the world and a massive family. It is inevitable that an occasion arises which social edict demands someone purchase me a gift. To be clear, I&amp;rsquo;m pretty happy with my life and the things I have and gifts are usually a seriously generous but unnecessary gesture.
That said, I sincerely appreciate receiving gifts and I&amp;rsquo;m notoriously hard to buy for (if I really really want something I tend to go buy it myself.</description>
    </item>
    
    <item>
      <title>Configuring SDR for Fire Pager Scanning</title>
      <link>https://brooksgarrett.com/blog/2015-12-08-configuring-sdr-for-fire-pager-scanning/</link>
      <pubDate>Tue, 08 Dec 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/2015-12-08-configuring-sdr-for-fire-pager-scanning/</guid>
      <description>A boring post on building an SDR scanning machine based on a cheap RTL dongle and an old emachines computer.
The Project
I&amp;rsquo;m a volunteer firefighter and currently our method of receiving pages is&amp;hellip; outdated. We carry these black Motorola Minitor pagers which audibly alert us when we are needed. This works great most of the time. We need some extra things to happen so I&amp;rsquo;ve started looking at how SDR can help us.</description>
    </item>
    
    <item>
      <title>CoreOS, Fleet, and Invalid Ports</title>
      <link>https://brooksgarrett.com/blog/coreos-fleet-and-invalid-ports/</link>
      <pubDate>Tue, 20 Oct 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/coreos-fleet-and-invalid-ports/</guid>
      <description>I kept getting this error today while trying to launch a unit in fleet:
Oct 20 15:54:03 coreos02 docker[3542]: docker: Invalid containerPort: -p.
Oct 20 15:54:03 coreos02 docker[3542]: See &amp;#39;/usr/bin/docker run --help&amp;#39;.
Oct 20 15:54:03 coreos02 systemd[1]: consul@1.service: Main process exited, code=exited, status=1/FAILURE
Oct 20 15:54:03 coreos02 systemd[1]: consul@1.service: Unit entered failed state.
Oct 20 15:54:03 coreos02 systemd[1]: consul@1.service: Failed with result &amp;#39;exit-code&amp;#39;.
I added an ExecStartPre command to my unit definition to see what was going on.</description>
    </item>
    
    <item>
      <title>Manually remove unit from etcd</title>
      <link>https://brooksgarrett.com/blog/manually-remove-unit-from-etcd/</link>
      <pubDate>Mon, 19 Oct 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/manually-remove-unit-from-etcd/</guid>
      <description>Long story short I was playing with Docker and got myself into quite the bind. After deploying a nice and easy test cluster I decided to have a go with Consul using the &amp;ldquo;official&amp;rdquo; Consul on CoreOS. Big problem because that Dockerfile expects you to be running &amp;ldquo;etcd&amp;rdquo; while my cluster is running &amp;ldquo;etcd2&amp;rdquo;! That means it breaks etcd, fleet, and the entire CoreOS system. As a bonus, since CoreOS handles HA it then proceeds to BREAK THE WHOLE CLUSTER.</description>
    </item>
    
    <item>
      <title>Git History is Forever</title>
      <link>https://brooksgarrett.com/blog/git-history-is-forever/</link>
      <pubDate>Thu, 10 Sep 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/git-history-is-forever/</guid>
      <description>There are lots of stories about people accidentally leaking credentials or other sensitive information via their Git repositories. It never fails that someone is working on their early project and hardcodes an API key. Then they commit that key and the leak is on.
It&amp;rsquo;s important to understand how Git works and what you should do if this happens to you. First understand that Git is effectively a log that will forever remember all your commits and changes even long after you wish it wouldn&amp;rsquo;t.</description>
    </item>
    
    <item>
      <title>Thoughts on Community</title>
      <link>https://brooksgarrett.com/blog/thoughts-on-community/</link>
      <pubDate>Thu, 10 Sep 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/thoughts-on-community/</guid>
      <description>Another day dawns in the world of Information Security and along with it new controversy and drama. If you haven&amp;rsquo;t been watching Twitter lately then you&amp;rsquo;ve been missing out.
It all starts with a tweet and ends with a cacophony. Essentially irongeek is a guy that films and hosts said video of multiple conferences including BSides Las Vegas. The guy has a long history of making snide comments so the joke McGrew mentions shouldn&amp;rsquo;t be a huge surprise.</description>
    </item>
    
    <item>
      <title>DynamicDNS with CloudFlare</title>
      <link>https://brooksgarrett.com/blog/dynamicdns-with-cloudflare/</link>
      <pubDate>Wed, 09 Sep 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/dynamicdns-with-cloudflare/</guid>
      <description>I&amp;rsquo;ve been using CloudFlare for a while now to protect my sites and generally make life easy. If you haven&amp;rsquo;t seen it before then stop here and go check them out. I&amp;rsquo;ll wait.
If you&amp;rsquo;re already familiar then you know that one of the key requirements is that CloudFlare becomes your DNS provider. They also have a wonderful API. Connect the dots and you too can replace your DDNS provider with a completely free solution, get better security, and accelerate your site!</description>
    </item>
    
    <item>
      <title>The Lamy Safari</title>
      <link>https://brooksgarrett.com/blog/the-lamy-safari/</link>
      <pubDate>Wed, 09 Sep 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/the-lamy-safari/</guid>
      <description>I&amp;rsquo;ve been questioned multiple times about why I always seem to have one of my Lamy Safari pens clipped close at hand. Typically the question is &amp;ldquo;Why is that pen the best pen?&amp;rdquo;
 It&amp;rsquo;s not.
 The Lamy Safari is a low end pen from German manufacturer Lamy that is composed of a plastic body and a steel nib. The pen itself is very light compared to &amp;ldquo;higher end&amp;rdquo; competitors.</description>
    </item>
    
    <item>
      <title>Where&#39;d You Go?</title>
      <link>https://brooksgarrett.com/blog/where-d-you-go/</link>
      <pubDate>Wed, 29 Jul 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/where-d-you-go/</guid>
      <description>I&amp;rsquo;ve been gone for a while and sorry (truly) for that. I&amp;rsquo;ve been really busy lately working on assisting with a course being taught at Black Hat and transitioning into a new position at my primary job.
All said it&amp;rsquo;s an exciting time in my life. I&amp;rsquo;m surrounded by energetic and intelligent people who make me better in every way. I&amp;rsquo;m supported by an excellent family. I&amp;rsquo;m incredibly thankful for everyone in my life right now.</description>
    </item>
    
    <item>
      <title>What I Wish You Knew About Volunteer Firefighters</title>
      <link>https://brooksgarrett.com/blog/what-i-wish-you-knew-about-volunteer/</link>
      <pubDate>Tue, 12 May 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/what-i-wish-you-knew-about-volunteer/</guid>
      <description>Sunday morning our department was paged out to support a life flight helicopter landing at a local hospital. It&amp;rsquo;s a pretty routine thing. We get the page, we respond to the station and retrieve an engine, and lastly we secure the landing pad and provide safety for the incoming aircraft. On this particular morning the call went out around 0600 and we were there by 0608. Afterward around 0730 I decided to stop in the gas station to grab a soda before going home.</description>
    </item>
    
    <item>
      <title>Local DNS Override for Testing</title>
      <link>https://brooksgarrett.com/blog/local-dns-override-for-testing/</link>
      <pubDate>Wed, 29 Apr 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/local-dns-override-for-testing/</guid>
      <description>One of our primary projects involves a local telemetry agent which needs to speak to two separate endpoints. One endpoint is a command channel which provides configuration information while the second is an event channel where the agent sends telemetry and security event data.
Currently we use HAProxy to balance the event channel traffic among several servers. I wanted to move to Amazon Elastic Load Balancing to take advantage of their redundancy and reliability.</description>
    </item>
    
    <item>
      <title>Remote Streaming with Pi and MPD</title>
      <link>https://brooksgarrett.com/blog/remote-streaming-with-pi-and-mpd/</link>
      <pubDate>Sun, 22 Mar 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/remote-streaming-with-pi-and-mpd/</guid>
      <description>I wanted to be able to stream Spotify on my outdoor system without resorting to Bluetooth and streaming from my phone. I still had my original Raspberry Pi Model B around so I started looking for a way to run Spotify on the command line. That gave way to the Mopidy project. Getting it running on the Pi is fairly well documented. I noticed a step or two missing so below I placed my exact steps to get up and running on my Pi.</description>
    </item>
    
    <item>
      <title>Nagios SMS Alerts with Amazon SNS</title>
      <link>https://brooksgarrett.com/blog/nagios-sms-alerts-with-amazon-sns/</link>
      <pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/nagios-sms-alerts-with-amazon-sns/</guid>
      <description>Nagios is the stalwart go-to system monitoring solution that won&amp;rsquo;t die. Despite a bevy of replacement solutions and huge set of commercial offerings the little open source project that could keeps our infrastructure running. One of the key components of Nagios is alerting when something breaks. Today I integrated our Nagios deployment with Amazon Simple Notification Service to deliver SMS messages to our engineers.
Configuring SNS
First, be aware that currently ONLY US East 1 supports SMS messaging.</description>
    </item>
    
    <item>
      <title>Clean Passwords from Logs</title>
      <link>https://brooksgarrett.com/blog/clean-passwords-from-logs/</link>
      <pubDate>Tue, 03 Feb 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/clean-passwords-from-logs/</guid>
      <description>Today was a day of fixing things. We had some issues with a bad behaving Storm topology so I wrote up some scripts to automate collecting the heap dump, generating a report, tailing relevant logs, and then shipping the whole thing off to a file server. Worked great until I realized the developers were keeping sensitive information in the topology config which is spewed into the log on every restart!</description>
    </item>
    
    <item>
      <title>Fix OhMyZSH Prompts in PuTTY</title>
      <link>https://brooksgarrett.com/blog/fix-ohmyzsh-prompts-in-putty/</link>
      <pubDate>Sat, 24 Jan 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/fix-ohmyzsh-prompts-in-putty/</guid>
      <description>Part of the draw to oh-my-zsh and zsh in general is the tight git integration. While I&amp;rsquo;m working on the console I see this:
➜ _posts git:(master) ✗
This is awesome. The arrow tells me my last command returned an exit code 0 (since it is green), I know I&amp;rsquo;m in my posts directory, I&amp;rsquo;m on the master branch, and I have unstaged/uncommitted changes. That&amp;rsquo;s way more useful than knowing I&amp;rsquo;m on a server as a certain user!</description>
    </item>
    
    <item>
      <title>Write More with VI and Bash</title>
      <link>https://brooksgarrett.com/blog/write-more-with-vi-and-bash/</link>
      <pubDate>Thu, 22 Jan 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/write-more-with-vi-and-bash/</guid>
      <description>Part of my New Year&amp;rsquo;s resolution is to write more. My challenge is I&amp;rsquo;m incredibly busy and incredibly lazy.
To make sure I have no excuses I&amp;rsquo;ve already optimized how I publish. The problem now is I have to keep entering YAML front matter into my posts. Recognizing this causes me to ignore writing, I set out to fix it.
My solution is three parts:
 A basic template
 An awk script to parse the template
 A shell script to tie it all together
The template is very basic and essentially contains only the front matter and placeholder markers.</description>
    </item>
    
    <item>
      <title>Chuck CLI</title>
      <link>https://brooksgarrett.com/blog/chuck-cli/</link>
      <pubDate>Wed, 21 Jan 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/chuck-cli/</guid>
      <description>My good friend Daniel Miessler dropped a tweet the other day talking about the Chuck Norris Database API. Now as soon as I heard there is an API available I had to get it into my shell for those days when humor is all that keeps me from rm -rf / the world.
Here&amp;rsquo;s how I did it.
➜ ~ tail -n 1 ~/.oh-my-zsh/lib/aliases.zsh
alias chuck=&amp;#34;curl -s http://api.icndb.com/jokes/random/ | egrep -oh &amp;#39;\&amp;#34;joke\&amp;#34;: \&amp;#34;[^\&amp;#34;]+&amp;#39; | awk -F \\\&amp;#34; &amp;#39;{print \$4;}&amp;#39;&amp;#34;
➜ ~ chuck
Chuck Norris doesn&amp;#39;t use GUI, he prefers COMMAND line.</description>
    </item>
    
    <item>
      <title>Diffie-Hellman groups in VPN</title>
      <link>https://brooksgarrett.com/blog/diffie-hellman-groups/</link>
      <pubDate>Mon, 05 Jan 2015 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/diffie-hellman-groups/</guid>
      <description>I&amp;rsquo;ve been working with VPNs quite a bit recently and keep running into issues where the other party uses the bit strength and group number for Diffie-Hellman groups interchangeably. Here is a quick reference list:
 Group 1: 768-bit
 Group 2: 1024-bit
 Group 5: 1536-bit
 Group 14: 2048-bit
 Group 15: 3072-bit
 Group 19: 256-bit EC
 Group 20: 384-bit EC</description>
    </item>
    
    <item>
      <title>Cordova Browser Platform Support on Linux</title>
      <link>https://brooksgarrett.com/blog/cordova-browser-on-linux/</link>
      <pubDate>Mon, 29 Dec 2014 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/cordova-browser-on-linux/</guid>
      <description>I&amp;rsquo;m working on a new mobile application which, of course, means Cordova. Recently Cordova added the &amp;ldquo;browser&amp;rdquo; platform so you can test your application right on the desktop with no hackery required.
Getting the platform added to your project and running it as a browser app is as simple as:
cordova platform add browser
cordova run browser
I, however, am on Linux and when I first tried to run on the browser platform I only got a blank output with no browser.</description>
    </item>
    
    <item>
      <title>On Roughhousing</title>
      <link>https://brooksgarrett.com/blog/roughhousing/</link>
      <pubDate>Sun, 23 Nov 2014 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/roughhousing/</guid>
      <description>I&amp;rsquo;m an absolutely huge fan of rugby so what comes next may shock you:
 I regularly flip, turn, body slam, and fold my two year old.
 To clarify I&amp;rsquo;m not injuring him or punishing him but instead engaging in old-fashioned rough housing. Typically you would be made aware of the activity by the sounds of laughter and squeals emanating from his mouth. The video below is absolutely spot on given one important rule:</description>
    </item>
    
    <item>
      <title>Apple is winning, but not why you think</title>
      <link>https://brooksgarrett.com/blog/apple-is-winning/</link>
      <pubDate>Fri, 24 Oct 2014 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/apple-is-winning/</guid>
      <description>Apple is winning the mobile war but not for the obvious reasons. Apple is winning because they are the first to realize that phones don&amp;rsquo;t matter. Samsung still thinks that making an awesome phone will win market share. Google is standing in a good spot but digging a big hole. Amazon is somewhere in France trying to locate New York. Nokia and Microsoft are on a good trajectory.
What am I rambling about?</description>
    </item>
    
    <item>
      <title>Professional Incident Response</title>
      <link>https://brooksgarrett.com/talk/professional-incident-response/</link>
      <pubDate>Thu, 16 Oct 2014 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/talk/professional-incident-response/</guid>
      <description>This presentation was first presented at HouSecCon 5.0 on Thursday 16 October 2014.
 You built it; they broke it; now what? In this talk learn how to advance your incident response plan beyond a policy document and into a scalable framework that enables your team to respond, track, and report on incidents of every size by leveraging what professional responders do every single day.
  [Slide Deck Download](http://data.brooksgarrett.com/collateral/decks/Professional Incident Response.</description>
    </item>
    
    <item>
      <title>Just Get Flux</title>
      <link>https://brooksgarrett.com/blog/justgetflux/</link>
      <pubDate>Tue, 16 Sep 2014 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/justgetflux/</guid>
      <description>A friend of mine recommended I try out Flux and I&amp;rsquo;m ever glad I did. The basic premise is that Flux monitors the time of day and adjusts your screen temperature (or hue) to match ambient light levels. The result is a much more enjoyable session at night. I&amp;rsquo;m sitting in my living room with only a single lamp on and the glow of the light bulb on the keyboard is a near identical match to the color setting suggested by Flux.</description>
    </item>
    
    <item>
      <title>Static Site with Jekyll, GitHub, TravisCI, and S3</title>
      <link>https://brooksgarrett.com/blog/jekyll-github-travisci-s3/</link>
      <pubDate>Tue, 16 Sep 2014 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/jekyll-github-travisci-s3/</guid>
      <description>For a while now I&amp;rsquo;ve been exclusively using Jekyll to publish my site. At first I started with basic Jekyll running on DigitalOcean. This worked well but meant I needed to SSH to a server when I wanted to post content. Not really the best requirement for a seamless workflow but it worked for a while. Then I started using Git and GitHub to manage the content as a repository. A bit of php later and I had a post-commit hook in GitHub to notify the DigitalOcean server that new content was ready.</description>
    </item>
    
    <item>
      <title>Dynamically controllable dynamic scanning</title>
      <link>https://brooksgarrett.com/talk/distributed-dynamic-scanning/</link>
      <pubDate>Wed, 10 Sep 2014 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/talk/distributed-dynamic-scanning/</guid>
      <description>This presentation was first presented at HP Protect 2014 on Wednesday 10 September 2014. This talk was a collaborative presentation with 4 speakers:
 Brandon Spurth
 Jeremy Brooks
 Jonathan Griggs
 Brooks Garrett
Dynamic scanning is a staple of the web application security community. The complex nature of scanning each site and the expertise required to run the tools and interpret the results often limits the deployment models. Development teams usually do not contain a security expert and must rely on an external team to perform their dynamic audits.</description>
    </item>
    
    <item>
      <title>Intro to Podcasting</title>
      <link>https://brooksgarrett.com/blog/intro-to-podcast/</link>
      <pubDate>Fri, 31 Jan 2014 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/intro-to-podcast/</guid>
      <description>I came about in the InfoSec profession with the likes of @SpaceRogue and @ThisIsHNN bringing me weekly digestibles of all the things happening in the world of InfoSec. My team would huddle in the forensics lab each Friday and bear witness to a painful ridicule of Adobe each and every week as we heard all about the latest vulns and exploits. Oh, and who would ever forget the running commentary that was the Summer of Lulz.</description>
    </item>
    
    <item>
      <title>Remap Keys in Ubuntu</title>
      <link>https://brooksgarrett.com/blog/remap-keys-in-ubuntu/</link>
      <pubDate>Sat, 28 Dec 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/remap-keys-in-ubuntu/</guid>
      <description>I&amp;rsquo;m following along Daniel Miessler&amp;rsquo;s Vim Primer and saw he remapped the Caps Lock key to be his Control key. I thought this was an interesting concept but I&amp;rsquo;d rather have Escape on my Caps Lock. Also, I&amp;rsquo;m running Ubuntu instead of OSX. Off to the interwebs!
A short bit of Google-fu brought me to a couple of resources which answered the question for me. Combining the information I found led me to this process for remapping the keys:</description>
    </item>
    
    <item>
      <title>Dad Picks Up Kid, Gets Arrested</title>
      <link>https://brooksgarrett.com/blog/child-pickup-arrest/</link>
      <pubDate>Sun, 24 Nov 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/child-pickup-arrest/</guid>
      <description>As a parent what happens in this video is completely appalling. A man goes to a school after school is over to retrieve his children and is arrested. Now, being arrested in front of your kids is bad enough when you have an outstanding warrant or some other lawful reason for being detained.
This guy, however, had the audacity to challenge a law enforcement officer on whether (as defined in state law) he was entitled to pick up his children.</description>
    </item>
    
    <item>
      <title>Fit for Rugby</title>
      <link>https://brooksgarrett.com/blog/fit-for-rugby/</link>
      <pubDate>Fri, 01 Nov 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/fit-for-rugby/</guid>
      <description>I&amp;rsquo;ve been playing rugby for several years now and the sport never lets me down. It is incredibly fast paced, physical, and requires team effort. For proof you can look to the Rugby Sevens tournaments where the USA Eagles featured one of the fastest men in rugby yet still did not win the series even though Rugby 7&amp;rsquo;s is largely a game of speed. The reason is simple. Rugby is a team sport and it is pretty simple to neutralize one key player.</description>
    </item>
    
    <item>
      <title>Sriracha is the Spice of Life</title>
      <link>https://brooksgarrett.com/blog/sriracha-the-spice-of-life/</link>
      <pubDate>Fri, 25 Oct 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/sriracha-the-spice-of-life/</guid>
      <description>Note: This article is the start of a series investigating how cross industry lessons can be directly applied to the IT and Information Security spaces.
I recently saw an article about the company behind Sriracha. If you&amp;rsquo;ve never tasted Sriracha sauce, proceed to your nearest supermarket, purchase a bottle, add to anything (no, seriously. ANYTHING), and then come back for the rest of this article. I&amp;rsquo;ll wait.
As a fellow lover of the Rooster you know just how amazing it is and according to the article that isn&amp;rsquo;t an accident.</description>
    </item>
    
    <item>
      <title>Runtime Protection in the Real World</title>
      <link>https://brooksgarrett.com/talk/runtime-protection-real-world/</link>
      <pubDate>Mon, 16 Sep 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/talk/runtime-protection-real-world/</guid>
      <description>This presentation was first presented at HP Protect 2013 on Wednesday 16 September 2013.
 Learn how HP Fortify On Demand is leveraging Fortify Runtime Protection to protect our own cloud services. See tips and techniques learned from deploying Runtime Protection in the real world, and learn how you can leverage the same technology in your environment without compromising performance or uptime. You&amp;rsquo;ll come away with tips on deploying, managing, and integrating Fortify Runtime Protection so you can block attacks while providing your developers with line-of-code detail regarding how to close the holes.</description>
    </item>
    
    <item>
      <title>A Good Day to Remember What is Important</title>
      <link>https://brooksgarrett.com/blog/a-good-day-to-remember/</link>
      <pubDate>Wed, 11 Sep 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/a-good-day-to-remember/</guid>
      <description>My Facebook is alive with flags, Pentagon images, and Twin Tower tributes. Make no mistake about it: This is an incredibly important day. Today, 12 years ago, 343 of the Bravest, 60 of the Finest, and 15 of the Strongest perished. These were first responders who trained daily to serve the public but until 9/11 and the establishment of DHS and the grants that entity would bring, public safety just wasn&amp;rsquo;t prepared for the massive emergency brought by terrorist attacks.</description>
    </item>
    
    <item>
      <title>Manually Migrating Guests from Disconnected ESX Host</title>
      <link>https://brooksgarrett.com/blog/disconnected-esx-host/</link>
      <pubDate>Thu, 29 Aug 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/disconnected-esx-host/</guid>
      <description>Earlier we lost the management interface on one of our ESX hosts in a cluster. The host was powered on and the guests were responsive but the host was completely unmanageable (listed as &amp;lsquo;disconnected&amp;rsquo; in vSphere) and the guest VMs were listed as &amp;lsquo;disconnected&amp;rsquo; as well.
Obviously we needed to reboot the host and migrate the VMs but VMotion was out of the question. Finally we resorted to powering down the guest image and using the following steps to recover the guest machines on a new host.</description>
    </item>
    
    <item>
      <title>Intro to Hacking - Resources</title>
      <link>https://brooksgarrett.com/blog/hacking-resources/</link>
      <pubDate>Sun, 25 Aug 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/hacking-resources/</guid>
      <description>This is just a placeholder for interesting resources for self-education in InfoSec.
Training
Security
 [Metasploit Unleashed - (Free)](http://www.offensive-security.com/metasploit-unleashed/Main_Page)
 [Dr. Fu Malware Analysis - (Free)](http://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html)
Programming
 [Codecademy - Learn to Code!](http://www.codecademy.com/)
Reference
 [SQLInjection Techniques](http://www.chokepoint.net/2013/08/using-mysql-locally-for-testing-sql.html)
Resources
 [VulnHub](http://vulnhub.com/)
 [Mutillidae](http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10)
 [Metasploit Community Download](http://www.rapid7.com/products/metasploit/metasploit-community-registration.jsp)
 [Armitage - GUI for Metasploit](http://www.fastandeasyhacking.com/)
 [SecurityTube - YouTube but you learn stuff&amp;hellip;](http://www.securitytube.net/)
CTF Competitions
 [CSAW 2013 - Nov 14-16 2013] (https://csaw.</description>
    </item>
    
    <item>
      <title>Nearly 150 Free Books</title>
      <link>https://brooksgarrett.com/blog/free-books-from-msft/</link>
      <pubDate>Mon, 12 Aug 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/free-books-from-msft/</guid>
      <description>Microsoft apparently has a phat stack of free books
Perhaps if you ran this in the Chrome Console good things will happen?
function printLink(link) {
  if (link.textContent === &amp;#39;MOBI&amp;#39;) {
    console.log(link.href);
  }
}
var allLinks = document.links;
for (var i = 0; i &amp;lt; allLinks.length; i++) {
  printLink(allLinks[i]);
}</description>
    </item>
    
    <item>
      <title>My Experience with Chef, Redux</title>
      <link>https://brooksgarrett.com/blog/my-experience-with-chef-redux/</link>
      <pubDate>Thu, 08 Aug 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/my-experience-with-chef-redux/</guid>
      <description>Chef (http://opscode.com) isn&amp;rsquo;t SO horrible. Here is the running list of things I&amp;rsquo;ve done to get it working from a client perspective.
Installing Gems If you use the omnibus installer (from the opscode site as opposed to apt/yum) you can&amp;rsquo;t just use Gem to install things. There seems to be a disconnect between the ruby runtime the knife command uses and the gems repository your system normally uses. Instead, you need to use the embedded gem command as follows (this example demonstrates installing the knife-ec2 gem):</description>
    </item>
    
    <item>
      <title>My Experience with Chef</title>
      <link>https://brooksgarrett.com/blog/my-experience-with-chef/</link>
      <pubDate>Tue, 06 Aug 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/my-experience-with-chef/</guid>
      <description>Chef (http://opscode.com) is an automation platform that is supposed to make your life easier. Well if you can get it to install. Oh, and run. And don&amp;rsquo;t forget to learn its special syntax which is based on Ruby. So maybe learn some Ruby. AND do try to remember that while Windows is supported, it&amp;rsquo;s still pretty much just an interface into PowerShell.
I&amp;rsquo;ve spent weeks fighting with Chef. First trying to install it.</description>
    </item>
    
    <item>
      <title>Practice Safe Hex, people...</title>
      <link>https://brooksgarrett.com/blog/safe-hex/</link>
      <pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/safe-hex/</guid>
      <description>A good friend of mine, Daniel Miessler, hit on an interesting phrase, &amp;ldquo;Safe Hex.&amp;rdquo; Variations on this phrase have been floating around and I decided to have some fun with DefCon rapidly approaching.
This is your Public Service Announcement:
Avoid Unauthorized Penetration, Secure Your App by Practicing Safe Hex.</description>
    </item>
    
    <item>
      <title>When I Spend 4 hours on a problem...</title>
      <link>https://brooksgarrett.com/blog/me-after-troubleshooting/</link>
      <pubDate>Sun, 21 Jul 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/me-after-troubleshooting/</guid>
      <description>I came across this image after spending half a day troubleshooting a problem only to realize the local cache was pointing to a non-existent location. Pretty much sums up the day&amp;hellip;</description>
    </item>
    
    <item>
      <title>pushd and popd</title>
      <link>https://brooksgarrett.com/blog/pushd-and-popd/</link>
      <pubDate>Sat, 09 Mar 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/pushd-and-popd/</guid>
      <description>I don&amp;rsquo;t know how I&amp;rsquo;ve gone this long without this pair of commands. Use pushd dir to stick a directory on the dirs stack and popd to take the last off. Where is this useful? Imagine working in /var/www/logs and now you need to peek over at /home/user and while there you pop into some other directory. Well now cd - doesn&amp;rsquo;t work and you&amp;rsquo;re left typing the full path back to the logs you were reviewing.</description>
    </item>
    
    <item>
      <title>Renaming Volume Groups in Linux</title>
      <link>https://brooksgarrett.com/blog/renaming-volume-groups-in-linux/</link>
      <pubDate>Sat, 09 Mar 2013 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/renaming-volume-groups-in-linux/</guid>
      <description>What is that you say? Cloned a Linux machine and decided to rename that misnamed volume group using vgrename /dev/vg_RAWRStupidName /dev/vg_NiceName? Oh, and now you rebooted without first changing your /etc/fstab and /etc/grub.conf and get a good old fashioned Kernel Panic? Well, lucky you, I remembered to write this down:
 When booting go into the Edit mode for Grub (Generally ESC during boot). Change the kernel boot parameters to reference your new VG name.</description>
    </item>
    
    <item>
      <title>About Brooks Garrett</title>
      <link>https://brooksgarrett.com/about/</link>
      <pubDate>Fri, 24 Feb 2012 15:41:48 -0500</pubDate>
      
      <guid>https://brooksgarrett.com/about/</guid>
      <description>I&amp;rsquo;m currently based out of Valdosta, GA and have a wonderful family. I&amp;rsquo;m infatuated with technology and can&amp;rsquo;t wait to get my hands on the newest tools, techniques, and shiny objects so I can tear them apart and make cool things. That sounds really awesome but speaking truthfully it really means I stare at a Linux console. A LOT.
I Fight Fires No, seriously. Like pyrolysis. I spent 3 years as a volunteer firefighter in Bulloch County, Georgia while attending school.</description>
    </item>
    
    <item>
      <title>HTML5 Input Validation Is Not Sanitization</title>
      <link>https://brooksgarrett.com/blog/html5-input-validation-is-not-sanitization/</link>
      <pubDate>Fri, 07 Oct 2011 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/html5-input-validation-is-not-sanitization/</guid>
      <description>One of the hyped features of HTML5 is the ability to specify the input &amp;ldquo;type&amp;rdquo; of an input on a form as one of several new options:
 color, date, datetime, datetime-local, month, week, time, email, number, range, search, tel, url
The implementation of this new feature couldn&amp;rsquo;t be easier: simply specify the &amp;ldquo;type&amp;rdquo; attribute of your input field and let the browser handle the rest. For example, by specifying an input type of &amp;ldquo;email&amp;rdquo;, Chrome will validate the input to ensure it is a validly formed email address.</description>
    </item>
    
    <item>
      <title>Amazing Poem About Legacy</title>
      <link>https://brooksgarrett.com/blog/amazing-poem-about-legacy/</link>
      <pubDate>Mon, 25 Apr 2011 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/amazing-poem-about-legacy/</guid>
      <description>The Bridge Builder
An old man, going a lone highway, Came, at the evening, cold and gray, To a chasm, vast, and deep, and wide, Through which was flowing a sullen tide. The old man crossed in the twilight dim; The sullen stream had no fear for him; But he turned, when safe on the other side, And built a bridge to span the tide. &amp;#34;Old man,&amp;#34; said a fellow pilgrim, near, &amp;#34;You are wasting strength with building here; Your journey will end with the ending day; You never again will pass this way; You’ve crossed the chasm, deep and wide- Why build you this bridge at the evening tide?</description>
    </item>
    
    <item>
      <title>WTF time? Give me options!</title>
      <link>https://brooksgarrett.com/blog/wtf-time-give-me-options/</link>
      <pubDate>Tue, 08 Feb 2011 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/wtf-time-give-me-options/</guid>
      <description>I&amp;rsquo;m looking at the computational cost of computing various hashes. Naturally, I want to collect run time statistics on each hash command and collect this metric several thousand times.
The natural choice is to go with time, but I need to use time&amp;rsquo;s format option to produce CSV output. Sounds easy:
brooks@saosin:~$ time -f %e,%S,%U md5sum .viminfo
bash: -f: command not found
real 0m0.002s
user 0m0.000s
sys 0m0.002s
WTF? -f is an option, not a command!</description>
    </item>
    
    <item>
      <title>Split(ing) Hairs</title>
      <link>https://brooksgarrett.com/blog/splitting-hairs/</link>
      <pubDate>Fri, 07 Jan 2011 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/splitting-hairs/</guid>
      <description>The super timeline often exceeds 65,000 rows and is extremely slow in Excel. To fix this, split the file into manageable chunks.
wc -l filename.csv gives the number of lines in a file.
split -l 65000 -d supertimeline.csv supertimeline will generate multiple files named supertimeline.00 (01, 02, etc) with 65000 lines each. -l is the line count and -d tells split to use digits for the prefix instead of letters (00 instead of AA).</description>
    </item>
    
    <item>
      <title>Getting disk_stat Working in SIFT</title>
      <link>https://brooksgarrett.com/blog/getting-disk_stat-working-in-sift/</link>
      <pubDate>Tue, 04 Jan 2011 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/getting-disk_stat-working-in-sift/</guid>
      <description>SANS publishes the SIFT (SANS Investigative Forensic Toolkit) Workstation as a VMware appliance. The environment is impeccable for rolling out a mobile forensics workstation and is preloaded with a wealth of tools. The workstation was created by Rob Lee.
All that being said, nothing is absolutely perfect. A huge drawback to the SIFT workstation is getting disk_stat working so an investigator can detect HPAs on a suspect drive. Acquiring a disk with an HPA requires additional steps and missing the HPA can mean missing evidence.</description>
    </item>
    
    <item>
      <title>Mounting Filesystems</title>
      <link>https://brooksgarrett.com/blog/mounting-filesystems/</link>
      <pubDate>Sun, 02 Jan 2011 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/mounting-filesystems/</guid>
      <description>When mounting an image of a journaled filesystem, a couple of shortcuts repeatedly save me time and energy. First, VFAT and NTFS disks reserve (generally) the first 63 sectors for the partition table and meta info. Considering 512 is a very common size for sectors, 32256 becomes a very good number to remember.
 32256 is the number of bytes you generally need to offset when mounting a volume.
 This offset is done in mount as follows:</description>
    </item>
    
    <item>
      <title>Sorting out Sorter</title>
      <link>https://brooksgarrett.com/blog/sorting-out-sorter/</link>
      <pubDate>Sun, 02 Jan 2011 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/sorting-out-sorter/</guid>
      <description>Brian Carrier has provided the forensics community with tools that are absolutely vital to open source forensics. One tool I tend to underutilize is sorter. Sorter is used to &amp;lsquo;sort&amp;rsquo; files in an image into categories using file headers as the primary resource. Thus the output is a set of text files (&amp;ldquo;images.txt&amp;rdquo;, &amp;ldquo;archive.txt&amp;rdquo;, etc.) which detail what the files are. This can greatly reduce investigation time if you know what you are looking for (Images?</description>
    </item>
    
    <item>
      <title>Who is using Google Domain Apps?</title>
      <link>https://brooksgarrett.com/blog/who-is-using-google-domain-apps/</link>
      <pubDate>Thu, 30 Dec 2010 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/who-is-using-google-domain-apps/</guid>
      <description>This could be completely useless, or some interesting information. I guess it depends on you&amp;hellip;
Google for inurl:googlehostedservice.html
This shows which domains are most likely using Google Domain Apps (or at least trying to). You could just check MX records too, but MX records aren&amp;rsquo;t indexed by Google now are they?</description>
    </item>
    
    <item>
      <title>Why I firmly oppose the burning of the Koran and strongly support the NYC Mosque</title>
      <link>https://brooksgarrett.com/blog/why-i-firmly-oppose-the-burning-of-the-koran/</link>
      <pubDate>Thu, 09 Sep 2010 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/why-i-firmly-oppose-the-burning-of-the-koran/</guid>
      <description>My thoughts on why burning the Koran is bad, and allowing the Muslim community in NYC to build their Community Center/Mosque/Whatever. These are my thoughts, please feel free to form your own and argue with me. If, however, you begin quoting a major news outlet without your own critical analysis, I will most likely unfriend you instantly.
One is opening a community center. The group opening a center was not affiliated with the people who attacked our nation 9 years ago.</description>
    </item>
    
    <item>
      <title>Next Web Service</title>
      <link>https://brooksgarrett.com/blog/next-web-service/</link>
      <pubDate>Thu, 12 Aug 2010 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/next-web-service/</guid>
      <description>So after publishing the NSRL webservice http://brooksgarrett.com:81/json/SHA1_HASH (No longer functional), I&amp;rsquo;m looking for a new project. I&amp;rsquo;m thinking of munging and exposing the Microsoft Update list as an XML feed for powering internal patch management tools. I&amp;rsquo;ll post more when I get it implemented.</description>
    </item>
    
    <item>
      <title>Universal USB Installer – Easy as 1 2 3</title>
      <link>https://brooksgarrett.com/blog/universal-usb-installer-easy-as-1-2-3/</link>
      <pubDate>Thu, 12 Aug 2010 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/universal-usb-installer-easy-as-1-2-3/</guid>
      <description>Universal USB Installer – Easy as 1 2 3 | USB Pen Drive Linux.
This site is a great reference for installing Linux onto a bootable flash drive. I highly recommend using the Multiboot ISO Loader. I use it to have an Ubuntu installer and DSL on the same jump drive.</description>
    </item>
    
    <item>
      <title>Neat SIM Tools Worth Looking At</title>
      <link>https://brooksgarrett.com/blog/neat-sim-tools-worth-looking-at/</link>
      <pubDate>Wed, 11 Aug 2010 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/neat-sim-tools-worth-looking-at/</guid>
      <description>This is a list of tools I&amp;rsquo;m coming across which warrant looking into but don&amp;rsquo;t suit my current need. I&amp;rsquo;ll update as I research.
 samhain, prelude, ossim, ossec-HIDS, libsafe, prewikka, osiris, sec (Simple Event Correlator), cep</description>
    </item>
    
    <item>
      <title>MySQL and Efficient Data Encoding</title>
      <link>https://brooksgarrett.com/blog/mysql-and-efficient-data-encoding/</link>
      <pubDate>Sun, 08 Aug 2010 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/mysql-and-efficient-data-encoding/</guid>
      <description>As I&amp;rsquo;ve been working to expose the National Software Reference List via a new webservice, I&amp;rsquo;ve had to find ways to store data efficiently to avoid nuking my server. One of the biggest issues was the sheer size of the database.
Each file record has 2 hashes, a SHA-1 and an MD5 hex-encoded value. Currently, there are 58,272,836 files hashed as part of the NSRL effort. This means 58,272,836 rows of data and 116,545,672 hash values.</description>
    </item>
    
    <item>
      <title>MySQL - Loading Data from CSV</title>
      <link>https://brooksgarrett.com/blog/mysql-loading-data-from-csv/</link>
      <pubDate>Tue, 03 Aug 2010 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/mysql-loading-data-from-csv/</guid>
      <description>I have a 1.86 GB CSV file which I want to put into a table in MySQL. Originally I started by using VIM to modify the source data to add &amp;ldquo;INSERT INTO &amp;hellip;&amp;rdquo; statements in front of each line. This approach quickly turned kludgy and took a painfully long time to complete.
Solution? MySQL includes built-in support for doing this exact thing. Here is what I did, tailor to your needs:</description>
    </item>
    
    <item>
      <title>MySQL and Indexes</title>
      <link>https://brooksgarrett.com/blog/mysql-and-indexes/</link>
      <pubDate>Tue, 03 Aug 2010 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/mysql-and-indexes/</guid>
      <description>So what happens when you have over 1 million rows in a table and you try to do a lookup?
mysql&amp;gt; describe file;
+-------------+----------------------+------+-----+---------+-------+
| Field       | Type                 | Null | Key | Default | Extra |
+-------------+----------------------+------+-----+---------+-------+
| sha1        | binary(20)           | NO   |     | NULL    |       |
| md5         | binary(16)           | NO   |     | NULL    |       |
| crc         | binary(4)            | NO   |     | NULL    |       |
| filename    | varchar(150)         | YES  |     | NULL    |       |
| filesize    | int(11)              | YES  |     | NULL    |       |
| ProductCode | smallint(5) unsigned | YES  |     | NULL    |       |
| oscode      | varchar(15)          | YES  |     | NULL    |       |
| specialcode | varchar(15)          | YES  |     | NULL    |       |
+-------------+----------------------+------+-----+---------+-------+
8 rows in set (0.</description>
    </item>
    
    <item>
      <title>404 Pages in WordPress</title>
      <link>https://brooksgarrett.com/blog/404-pages-in-wordpress/</link>
      <pubDate>Fri, 04 Dec 2009 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/404-pages-in-wordpress/</guid>
      <description>If you are receiving a 404 in WordPress, there are 2 possible causes:
 .htaccess: This file is located in your web root directory. Change the permissions to 666 then modify your PermaLink settings and save them. This will rewrite your .htaccess for you. Be sure to change it back to 440 when done.
 apached.conf: In the Apache config for your web site, make sure AllowOverride is set to All.</description>
    </item>
    
    <item>
      <title>Create a Git archive in non empty folder</title>
      <link>https://brooksgarrett.com/blog/create-a-git-archive-in-non-empty-folder/</link>
      <pubDate>Fri, 04 Dec 2009 00:00:00 +0000</pubDate>
      
      <guid>https://brooksgarrett.com/blog/create-a-git-archive-in-non-empty-folder/</guid>
      <description>git init
git remote add origin remote_machine:~brentg/my_setup.git
git fetch
git branch master origin/master
git checkout master</description>
    </item>
    
  </channel>
</rss>
