Handler on Duty: Bojan Zdrnja Wed, 20 Aug 2008 03:17:12 +0000

Jim Clausing's handler page

Handler Pictures

Another year, another SANSFIRE picture. From SANSFIRE 2007:

SANSFIRE 2006

This is a group of us that got together to watch fireworks the evening before the conference began. Left to right: Lorna, Johannes, Swa, me, Marc Sachs, and Mike Poor. And below, we have the infamous "handlers in leather jackets" picture.

And, of course, here is the picture from SANS NS2004 in Las Vegas.

That would be (from left to right) Johannes Ullrich, Dan Goldberg, Tom Liston, Brian Granier, me, Marc Sachs, and Koon Yaw Tan.

Flying

I also happen to be a pilot, so here is a picture my daughter took as we were coming in for a landing at the airport from which I do most of my flying.

My son got his license the day after I got my instrument rating, so here we have the 2 pilots in the family.

Tools

I've written a little Perl script (yes, I know it doesn't do much) that takes a stream consisting of the server->client side of an HTTP conversation and strips off the HTTP headers. I use it to extract files downloaded during web sessions when I have a pcap capture of the session. The script is here.
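For readers who want to see what that header stripping has to do, here is an added Python example (not Jim Clausing's Perl script, and not code from this page). It takes the raw server->client bytes, as you would get from Wireshark's "Follow TCP Stream" or tcpflow, and returns one body per response, honouring Content-Length, chunked transfer-encoding and body-less status codes, so a keep-alive session with several downloads yields separate files. The sample stream is constructed for illustration.

```python
"""Split the server->client half of an HTTP/1.x stream into response bodies.

Added example (Python, not Jim Clausing's Perl script): walks the responses in
order, strips each header block and returns the bodies, honouring
Content-Length, chunked transfer-encoding and body-less status codes.
The sample stream below is constructed for illustration.
"""
import sys

NO_BODY_CODES = {204, 304}


def _parse_headers(block: bytes):
    """Return (status_code, {lower-case name: value}) for one header block."""
    lines = block.split(b"\r\n")
    try:
        code = int(lines[0].split()[1])
    except (IndexError, ValueError):
        code = 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return code, headers


def _read_chunked(data: bytes, pos: int):
    """Decode a chunked body starting at data[pos]; return (body, position after it)."""
    body = bytearray()
    try:
        while True:
            line_end = data.index(b"\r\n", pos)
            size = int(data[pos:line_end].split(b";")[0], 16)  # drop chunk extensions
            pos = line_end + 2
            if size == 0:
                break
            body += data[pos:pos + size]
            pos += size + 2  # CRLF that terminates the chunk data
    except ValueError:  # truncated capture mid-chunk: keep what we have
        return bytes(body), len(data)
    if data[pos:pos + 2] == b"\r\n":  # no trailers
        return bytes(body), pos + 2
    trailer_end = data.find(b"\r\n\r\n", pos)  # skip trailer headers
    return bytes(body), (trailer_end + 4 if trailer_end != -1 else len(data))


def split_responses(stream: bytes):
    """Return a list of (status_code, headers, body) for every response in the stream."""
    responses = []
    pos = 0
    while pos < len(stream):
        hdr_end = stream.find(b"\r\n\r\n", pos)
        if hdr_end == -1:
            break  # truncated capture: no complete header block left
        code, headers = _parse_headers(stream[pos:hdr_end])
        pos = hdr_end + 4
        if code in NO_BODY_CODES or 100 <= code < 200:
            body = b""
        elif headers.get("transfer-encoding", "").lower() == "chunked":
            body, pos = _read_chunked(stream, pos)
        elif "content-length" in headers:
            length = int(headers["content-length"])
            body = stream[pos:pos + length]
            pos += length
        else:
            body = stream[pos:]  # no framing: body runs until the server closed
            pos = len(stream)
        responses.append((code, headers, body))
    return responses


# Constructed sample: a binary download, a chunked HTML page and a 304 on one keep-alive connection.
SAMPLE_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\nContent-Length: 4\r\n\r\nMZ\x90\x00"
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"5\r\n<html\r\n1\r\n>\r\n0\r\n\r\n"
    b"HTTP/1.1 304 Not Modified\r\nETag: \"abc\"\r\n\r\n"
)


def main(path=None):
    data = SAMPLE_STREAM if path is None else open(path, "rb").read()
    for i, (code, headers, body) in enumerate(split_responses(data)):
        out = "body_%02d.bin" % i
        with open(out, "wb") as fh:
            fh.write(body)
        print(code, headers.get("content-type", "?"), len(body), "->", out)


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it with the path of the server-side stream file as the only argument; without an argument it processes the constructed sample. Gzip or deflate Content-Encoding is deliberately left to the caller, since the point when carving a download out of a capture is usually to keep the bytes exactly as the server sent them.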

And, in doing malware analysis, I like to have some idea of the packer being used. I like PEiD, but it is Windows only and isn't command-line, so it is difficult to script. After I saw a posting about Ero Carrera's pefile, I decided he had already done the hard work, so I wrote packerid.py, which uses a PEiD database like this one (updated 2008-03-14 14:30 UTC) or Neil's collection (note new location) or this one from Panda. Mine includes a few additional signatures or changes that I've found recently. I've been in contact with Neil about getting them merged back into his and/or released with PEiD itself.
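To show what a PEiD-database matcher actually does, here is an added Python example; it is not packerid.py and not code from this page. It parses the userdb.txt layout that PEiD and packerid.py consume ([name], signature = hex bytes with ?? wildcards, ep_only = true|false) and matches the signatures against a byte string, at the entry point for ep_only signatures and anywhere in the file for the rest. The database entries and sample bytes are constructed for illustration, not real packer signatures; entry_point_bytes() assumes pefile is installed.

```python
"""Identify packers from PEiD-style signatures.

Added example (not packerid.py): parses the PEiD userdb.txt layout and matches
its signatures against constructed bytes.  The entries below are illustrative,
not real packer signatures.
"""

SAMPLE_DB = """\
; constructed entries in PEiD userdb.txt layout
[Example packer A (constructed)]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
ep_only = true

[Example section marker (constructed)]
signature = 2E 70 61 63 6B 65 64 ?? 00
ep_only = false
"""


def parse_userdb(text):
    """Return a list of (name, pattern, ep_only); pattern holds ints, None for ??."""
    sigs, name, pattern, ep_only = [], None, None, True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            if name is not None and pattern is not None:
                sigs.append((name, pattern, ep_only))
            name = line[1:line.rfind("]")]  # names may themselves contain [ ]
            pattern, ep_only = None, True
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "signature":
            pattern = [None if tok == "??" else int(tok, 16) for tok in value.split()]
        elif key == "ep_only":
            ep_only = value.lower() == "true"
    if name is not None and pattern is not None:
        sigs.append((name, pattern, ep_only))
    return sigs


def _match_at(data, pattern, offset):
    """True when pattern matches data at offset, treating None as a wildcard byte."""
    if offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))


def _search(data, pattern):
    """Slide the pattern over the whole buffer (used for ep_only = false entries)."""
    return any(_match_at(data, pattern, off) for off in range(len(data) - len(pattern) + 1))


def identify(ep_bytes, file_bytes, sigs):
    """Names of all matching signatures, longest first (PEiD reports the longest hit)."""
    hits = []
    for name, pattern, ep_only in sigs:
        if ep_only and _match_at(ep_bytes, pattern, 0):
            hits.append((len(pattern), name))
        elif not ep_only and _search(file_bytes, pattern):
            hits.append((len(pattern), name))
    return [name for _, name in sorted(hits, reverse=True)]


def entry_point_bytes(path, length=64):
    """Read `length` bytes at the PE entry point with pefile (assumed installed)."""
    import pefile  # assumption: pip install pefile
    pe = pefile.PE(path)
    return pe.get_data(pe.OPTIONAL_HEADER.AddressOfEntryPoint, length)


# Constructed samples: an entry-point stub matching packer A, and a file carrying the marker.
EP_SAMPLE = bytes.fromhex("60BE00A040008DBE0070FFFF5783CDFFEB10")
FILE_SAMPLE = b"MZ\x90\x00" + b"\x00" * 12 + b".packed\x00\x00" + b"\x00" * 8

if __name__ == "__main__":
    import sys
    sigs = parse_userdb(SAMPLE_DB if len(sys.argv) < 3 else open(sys.argv[2]).read())
    if len(sys.argv) > 1:  # usage: script.py sample.exe [userdb.txt]
        print(identify(entry_point_bytes(sys.argv[1]), open(sys.argv[1], "rb").read(), sigs) or ["no match"])
    else:
        print(identify(EP_SAMPLE, FILE_SAMPLE, sigs))
```

Two caveats worth keeping in mind with any signature-based identifier: a packer stub that has been patched by even one byte at the entry point will miss an ep_only signature, and the ep_only = false entries are searched across the whole file, which is slow on large binaries with a pure-Python loop but is what makes them useful when the entry point has been moved.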

And here is a little script that I threw together to gather some whois and DNS info on IP addresses that may be involved in malicious activity. Here is ip-as-geo.pl.
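As an added example of that kind of enrichment (not ip-as-geo.pl, and not code from this page), the Python below batches the addresses through Team Cymru's bulk IP-to-ASN whois service (whois.cymru.com on TCP/43, "begin" / "verbose" / addresses / "end") and adds a PTR lookup via socket.gethostbyaddr. The reply text embedded for offline use is constructed with documentation addresses (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) and the reserved AS64496; the column layout follows the service's verbose output but the values are illustrative.

```python
"""Gather AS/whois and reverse-DNS data for suspect IP addresses.

Added example (not ip-as-geo.pl): queries Team Cymru's bulk whois service and
resolves PTR records; the reply below is constructed for offline use.
"""
import socket

CYMRU_HOST, CYMRU_PORT = "whois.cymru.com", 43

# Constructed reply in the verbose bulk layout (values illustrative).
SAMPLE_REPLY = """\
Bulk mode; whois.cymru.com [2008-08-20 03:17:12 +0000]
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
64496   | 192.0.2.10       | 192.0.2.0/24        | XX | example  | 2008-01-01 | EXAMPLE-AS, XX
NA      | 198.51.100.7     | NA                  |    |          |            | NA
"""

EMPTY = {"asn": None, "prefix": None, "cc": None, "registry": None, "allocated": None, "as_name": None}


def build_query(ips):
    """Bulk query body: one address per line between begin/end, verbose columns on."""
    return "begin\nverbose\n" + "\n".join(ips) + "\nend\n"


def query_cymru(ips, host=CYMRU_HOST, port=CYMRU_PORT, timeout=15):
    """Send the bulk query over whois (TCP/43) and return the raw reply text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_query(ips).encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_cymru(text):
    """Map each IP in the reply to ASN, prefix, country, registry, allocation date and AS name."""
    records = {}
    for line in text.splitlines():
        if line.startswith("Bulk mode") or line.startswith("AS ") or "|" not in line:
            continue  # banner and column header
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 7:
            continue
        asn, ip, prefix, cc, registry, allocated, as_name = fields
        records[ip] = {
            "asn": int(asn) if asn.isdigit() else None,  # "NA" for unrouted space
            "prefix": prefix if prefix != "NA" else None,
            "cc": cc or None,
            "registry": registry or None,
            "allocated": allocated or None,
            "as_name": as_name if as_name != "NA" else None,
        }
    return records


def reverse_dns(ip):
    """PTR lookup; None when there is no record or the resolver fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and gaierror are OSError subclasses
        return None


def enrich(ips, lookup=query_cymru, rdns=reverse_dns):
    """One dict per IP combining AS data and PTR name; lookup/rdns are injectable for offline use."""
    records = parse_cymru(lookup(ips))
    out = []
    for ip in ips:
        rec = dict(records.get(ip, EMPTY))
        rec["ip"] = ip
        rec["ptr"] = rdns(ip)
        out.append(rec)
    return out


if __name__ == "__main__":
    import sys
    if sys.argv[1:]:
        rows = enrich(sys.argv[1:])
    else:  # no arguments: run against the constructed reply without touching the network
        rows = enrich(["192.0.2.10", "198.51.100.7"], lookup=lambda _: SAMPLE_REPLY, rdns=lambda _: None)
    for rec in rows:
        print("%(ip)s AS%(asn)s %(prefix)s %(cc)s %(as_name)s ptr=%(ptr)s" % rec)
```

Batching through the bulk interface rather than one whois call per address matters when you are feeding it a few hundred addresses out of a log, and the PTR lookups are the slow, leaky part: a reverse lookup of an attacker-controlled address tells that attacker's nameserver you are looking, so do those from a box you don't mind exposing.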

Miscellaneous

Here are the slides from my Nashville talk.

And, finally, my ISC PGP/GPG key can be found here.

Well, okay, here is my real final word.

My ethnically enhanced global village name is Hailama Lyaksandro.

My dragon name is Jarmore the All-Seeing (Blue Dragon).


HowManyOfMe.com: there are 27 people with my name in the U.S.A.