All posts by jathan

I am a computer security professional with over 17 years experience in the Information Technology industry with a vast range of skills covering systems, networking, programming, design, and architecture... Everything really. Which makes me great at security! I was born in Alabama, raised in Florida, lived in South Africa when I was 7, came back to Florida, moved to California for 4 years, moved back to Florida, joined the Marines after high school, ended up in Virginia (outside of DC) for 10 years and now I'm back in California.

Auto-indent + Paste = Murder

I use Vim pretty much exclusively as my IDE for all programming tasks be it Python, HTML, JavaScript… whatever. One of the Nifty Features™ of vim is auto-indentation which saves a lot of extra tab keystrokes in the longrun. The side effect of this Nifty Feature™ is that when you go to paste code from another source into a file you’re editing, it goes berserk and indents everything you just pasted. If the code you’re pasting is already indented, you end up with nested double indentation, and with languages like Python where whitespace is significant this can be a huge pain in the ass.

So I finally had enough and decided to share this solution along. This is using Vim’s pastetoggle, which allows you to map a keystroke to toggle auto-indentation when you want to paste stuff. Put this into your .vimrc:

" map <F3> to toggle paste to prevent auto-indent mangling when pasting
noremap <F3> :set invpaste paste?<CR>
set pastetoggle=<F3>
set showmode

To use it, you hit F3 to toggle paste mode, paste what you need to paste, then hit F3 again to turn it back off. And done!

Loki: A Python Infrastructure Protocol Suite

It’s been a while since I last posted, so I’m going back in time to write briefly about an awesome talk I attended at Black Hat 2010 in Las Vegas (last year, duh).

The toolkit is (poorly) named Loki. There are so many packages out there named Loki already, but I get where they were going with it.

It was written by three brilliant German fellows: Daniel Mende, Rene Graf and Enno Rey of ERNW. The primary focus is manipulating and exploiting infrastructure (layer 2/3) protocols, but of course these are all based on the entire protocol stack, so they have laid a nice framework that is way easier to use than other packet manipulation modules out there like Scapy, albeit more specialized. As of right now it has support for BGP, OSPF, ARP, ISIS, RIP, HSRP (v1 and v2), VRRP (v2 and v3), BFD, LDP, and MPLS. And it can spoof all of them!

Loki itself is pure Python, although it does have some system level dependencies. It centers mostly around, which is a GUI application that is its bread and butter. This app is effectively a router emulator that allows you to establish peerings and execute brute force attacks. For example all you need is a single BGP packet from the wire and you can then perform your brute-force agains the authentication key offline.

In some cases for protocols with no authentication such as VRRP–which is commonly used for providing redundant default gateways for Internet egress–you can push out another peer as a default gateway and take over that role with mind-blowing ease.

If you poke around you’ll see that they’ve encapsulated each protocol into its own module making almost of all of it reusable outside of the GUI. Additionally if you go to the main page of their site and scroll down to Tools, you’ll see a few other packages they’ve released.

For a more technical read, check out a recent blog post by Mike Poor.

Intro to Twisted

I presented a short Intro to Twisted at the SoCal Piggies meetup in Santa Monica last night. It went pretty well and I think I did a good job explaining the basics. I know it took me a long time to even become even remotely familiar with the way Twisted operates, so I felt like this was a good choice for a five-minute presentation. Short, sweet, and to the point!

Here is is for your viewing pleasure:

I borrowed the image on slide five from the Twisted Intro, which is a very excellent introductory tutorial written by Dave Peticolas. If you are curious about Twisted, what it can do, or are even experienced and want a great refresher, it’s definitely worth your time to give it a look!

The White Room

(Originally journaled by me on 2003-11-15)

I just awoke from a dream in which I found myself in a room with two girls and two older women, all obviously related. The grandma (in her 50’s), mother, and two daughters. I was sitting across from them at a table in a white room with no door, high ceiling, and a ledge off to the right wall with a tall window. Words were written/painted on the window and there was some gimp-like creature up on the ledge.

I had the feeling of being kidnapped because I had no recollection of going there or how I got there. I was playing it cool however, inquiring casually thru conversation about where we were.

It seemed as if nowhere. When asking about the girls they could not remember the age gap between them and looked accusingly at their mother who just smirked.

They all had black hair. The sisters were hot, with kind large features (butt, boobs, teeth, nose, etc.). The grandma never spoke; nor the mom.

When I inquired how I knew them, the girl on the left smiled knowingly and said I used to work with her. This was after she used the word ‘grep’ in conversation. She asked me if I remembered the screen name “heart with an a” and I said it sounded familiar.

I was mildly attracted to her. I felt relieved to meet someone new. Thru more conversation she wrote some C code on a napkin and I inquired if she was going to school or was self-taught.

Things started getting weird. I think the other sister was jealous. Someone threw something like clubs or bowling pins at the gimp-like creature in the window ledge… It got pissed.

It shrieked and cursed. I felt a connection between it and the girl on the right. I think it was the mom that threw the clubs at the gimp.

I think the grandma eluded to the mom to do it.

For some reason I did the same and the gimp jumped up and down and hissed and jumped off the ledge.

The next thing I realized is that the gimp is the girl on the right. She is a prisoner somehow because of the mom. She is the bad sister.

She writes things on the windows and receives gifts from some godlike being. They are S.O.S. messages.

I find myself on the ledge trying to atone for throwing the clubs at the gimp. There are gold coins and I notice pillars of white in each corner of the room. The coins are gifts from the god to the gimp.

I start to feel immense sorrow and pain. I can’t move or think. I am overwhelmed. I am being attacked. I collapse in pain screaming and crying in depression and sadness. I feel her pain.

I wake up in a white room. I see no one, I hear no one, but I know I am supposed to escape. I know I am a prisoner of the bad girl. The good girl is trying to help me. She says the bad girl has all the keys but she took them, and is helping me unlock doors (not physically, the keys just appear and the doors open). I am running down a hallway with the same lighting and blue carpet. It is very surreal. I am terrified realizing I am trapped and trying to escape without really knowing why or how.

I fail.

The puzzle resets. It’s a game. I’m still trapped. I wake up FOR REAL.

I am lying in bed and I can’t move. My bedroom is lit like the hallways in my dream. I can see my hall from my bed. In the lucid state, unable to clearly see, I see the puzzle. It is moving and self-contained but I can’t figure it out.

I start waking up. I get up. I feel groggy. I walk out to see my friend Megan on the couch. REALITY. I’m still scared.

I go to the spare room and type “heart with an a” into Google.

Nothing relevant comes up.

I’m awake. But the dream was real. What the fuck was that!!

I know my room was similar to the room in the dream. The kitten was in the window ledge. Was she the gimp? I had thrown a pillow at her earlier before the dream because she was making a lot of noise.

Friday Cutions

Words ending with -cution are surprisingly similar!

a formal speech giving advice or a warning.

the skill of clear and expressive speech, esp. of distinct pronunciation and articulation.

verb [ trans. ]
a formal “speech” giving “advice”, esp. of “distinct” lightning bolts.

I don’t think that last one means what I think it means.

Frozen: A Scary & Innovative Horror Flick

Go see this movie.

Watch the trailer for Frozen, and then check out the official site.

I had the pleasure of meeting the writer & director, Adam Green, this past weekend. My friend Robert and he are old buddies from college who just reconnected. Adam invited us to go to a screening in Santa Monica on Saturday after which there was a meet & greet with the cast & crew. After that we went out for drinks and I had a really good time. Ahhh, schmoozing, the second-oldest profession.

So, not only do I like the guy and want to see his movie succeed, but I genuinely thought the movie was a good time and I want to get more people out there to see it!

It’s an independently produced horror movie, which already stacks the odds against it. It is also an original production, not a remake, which further hardens the sell. It seems most horror fans out there cry for new original stories over remakes, but when it comes time to show their support, movies like Frozen get overlooked. This is sad.

I am a huge horror fan, and I am one of those people who is disappointed with the glut of remakes out there. So I am taking some of my time to get the word out there about Frozen because we need more movies like it!

It was an intense flick that had me gripping the edge of my seat for most of the movie. It grabbed me and didn’t let go, had me cringing and going “OHHHHHH” at some of the gory scenes. At a few moments I was so uncomfortable that I had to disengage by looking away or pretending I was in a happy place. To me, that is a sign of a good movie. It affected me. It wasn’t hum-drum, boring, or predictable. It still had a few of those campy, horror movie moments and I think that is where its charm is. If a horror movie can be charming, that is.

The acting was really good, and I think that Adam’s directing style had a lot to do with this. The entire movie was shot “practically” which means “on location”. There was no green-screen, no studio, no tricks. It was all filmed outdoors, on a ski slope, with the actors IN the gondola.

During the meet & greet they said that the actors had to be up on the gondola for six hours at a time. The filming was done on a ski resort in Utah and the lift was so long that to get off they had to ride all the way to the top of the mountain and all the way down, which took over an hour. So they had to limit the amount of interruptions in order to maximize filming time.

All the scenes in which it is snowing outside are real. When you can no longer see the actors’ breath, that’s because they are running out of body heat. That seems brutal to have endured that during filming for the actors, but I don’t feel too bad for them. THIS IS HORROR!

I felt like some of the scenarios were a little over-the-top, but I am ok with it. Isn’t that the point of a good horror film? Personally, I don’t want too much realism. I want fear, death, blood, and other delicious things that would probably never happen in real life. I definitely wouldn’t enjoy seeing people die in real life, I promise.

If you’re in for a good thrill, check your local movie listings and check out Frozen. I mean, come on, being that the majority of the Northeastern U.S. is under feet of snow & ice right now, how appropriate is this film?