Damon Cortesi's blog

Musings of an entrepreneur.

A Trip Down Memory Lane


I was looking for some old documents today, and while I didn’t find what I was looking for I did find something else.  I’m a bit of a pack rat, so while looking through my old files I came across stuff as far back as high school.  Old loves lost, regrets I’ve had, inspirational words given to me by my parents - a lot of wonderful stuff that was fun to go through and see where I’ve come in the past 10 years.  It was also pretty fun to pick out the documents that marked a significant turning point in my life, many of which I still have - my application for my first “real” job, a letter from a girl that defines what we had, a map from when I first moved out to Chicago and was looking for apartments, poetry I once wrote and a whole bunch of other stuff.  Which leads me to question - what will the next 10 years bring?  I couldn’t even guess.  Thinking back to my senior year in high school, I had no idea or ambition that I might be a respected information security professional all the way out in the Pacific Northwest having just recently summited Mt. Rainier and dawdling in amateur competitive ballroom dancing.

What a trip it’s been.

What a trip it’s going to be.

Good Day but With a Chilling Reminder


I went boarding again today up at Crystal Mountain and had a great time.  I’m doing pretty well now and can make it down a blue trail without falling…too much.  Not too bad for the second time around.  I’m also not too sore…yet.  We’ll see how I feel tomorrow.

It was good to come home, though, and after a long, hot shower I quickly called up a local Indian joint for some butter chicken and garlic nan.  I hit the grocery store, took a drive to the Indian joint and picked up my food.  I was parked around the corner of the main drag and as I was putting my food into my car, I heard the distinct screech of brakes out on the street.  I turned around just in time to see two cars nearly T-bone each other right in the intersection.  It wasn’t a head-on, but they collided quite hard and parts went flying.  Soon enough there was a girl from one of the cars running around crying - I’m not sure if she was hurt or if it was one of the other passengers that was hurt, but it was disturbing nonetheless - the driver of the car that got hit was doing exactly the same thing I had just a couple minutes earlier.  Pulling across a fairly busy street from a side-street.

In my opinion, Seattle streets are quite notorious for being pretty dangerous.  All over the place there are roundabouts, intersecting streets with no traffic signs or signals, and side-streets criss-crossing main streets all over the place with people illegally street parked right by the intersection.  I was just thinking the other day how surprisingly free the streets are of accidents…but this was definitely a chilling reminder to be careful out there.

Undoing FileVault


As previously mentioned, I recently came into the possession of a MacBook Pro. Always being the diligent student of security, I decided to enable FileVault for my home directory. Unfortunately, with the combination of Parallels and merging gigs of pcap files, the performance wasn’t really holding up and I decided to revert the process. Relying on the ease of use of Apple’s software, I went into my Security preferences and clicked “Turn off FileVault”. After entering the requisite passwords and dialog boxes, the system logged me out and began the process. A few moments later, I was greeted with this unfortunate message:

An error occurred An error occurred during decryption (An error occurred during copying ). FileVault will be turned on for this home folder and the home folder will still be encrypted.

An audible sigh escaped my lips as I realized this wasn’t going to be as easy as I hoped. A Google on the error message revealed pathetically few results (2, at the time of this writing…one in Japanese). Some more creative Google searches revealed some useful tips, but trying to repair or restore the filesystem both resulted in failure with cryptic error messages. It seemed the root of the problem was the result of filesystem corruption in the actual encrypted sparseimage that housed my home directory. One of the recommended courses of action included copying the contents of the encrypted image to another directory, deleting the user, and creating a new, replacement user. I really didn’t want to do this…so I came up with another way. These instructions are not verbose and some file permission munging was required, but this should give a general idea of how I solved the problem.

  • Create another account
  • Login to this second account
  • Create a new encrypted sparseimage of larger size than the current one and give it the same password
  • Mount both the old sparseimage (located in /Users/<user>) and the new one (~/usernew.sparseimage)
  • Copy the files over using tar: `cd /Volumes/<user> && tar cfp - . | (cd /Volumes/usernew && tar xfp -)` (archiving `.` rather than `./*`, so top-level dotfiles are copied too)
  • There might be some errors, so that’s why I left the verbose flag out of tar - make sure critical files aren’t missing
  • Configure all files on the new filesystem to be owned by the proper user
  • Unmount the filesystems and move the new sparseimage to the old one: `mv /Users/<user>/.sparseimage /Users/<user>/.sparseimage.old && mv ~/usernew.sparseimage /Users/<user>/.sparseimage`
  • Log out and back in as the original user
  • Try to disable FileVault again…it should work this time. :o)

I can already feel my hard drive breathing a sigh of relief.
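An added example (not part of the original post) for the "make sure critical files aren't missing" and ownership steps: it lists paths present on the old volume but absent from the new one, including top-level dotfiles that a glob-based copy silently skips, and flags files with the wrong owner. The function names are hypothetical; the check compares names only, not contents, and assumes no newlines in file names.

```shell
#!/bin/sh
# Added example: verify a tar-based home-directory copy before swapping images.
# Usage: sh verify_copy.sh /Volumes/<user> /Volumes/usernew <user>

# Print paths (relative to SRC) that exist in SRC but not in DST.
# find starts at "." so top-level dotfiles (.ssh, .profile) are included.
missing_in_copy() {
    m_tmp=$(mktemp -d) || return 2
    (cd "$1" && find . -print | LC_ALL=C sort) > "$m_tmp/src" \
        || { rm -rf "$m_tmp"; return 2; }
    (cd "$2" && find . -print | LC_ALL=C sort) > "$m_tmp/dst" \
        || { rm -rf "$m_tmp"; return 2; }
    # comm -23 keeps lines unique to the first (source) listing
    LC_ALL=C comm -23 "$m_tmp/src" "$m_tmp/dst"
    rm -rf "$m_tmp"
}

# Print paths under DIR that are not owned by OWNER (name or numeric uid).
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Report problems; exit status 0 only when nothing is missing and
# every file on the new volume belongs to the expected owner.
verify_copy() {
    v_missing=$(missing_in_copy "$1" "$2") || return 2
    v_wrong=$(not_owned_by "$2" "$3") || return 2
    [ -z "$v_missing" ] || printf '%s\n' "$v_missing" | sed 's/^/MISSING /'
    [ -z "$v_wrong" ] || printf '%s\n' "$v_wrong" | sed 's/^/WRONG OWNER /'
    [ -z "$v_missing" ] && [ -z "$v_wrong" ]
}

# Run the check only when source, destination and owner are all given.
if [ "$#" -eq 3 ]; then
    verify_copy "$1" "$2" "$3"
fi
```

Run it while both images are still mounted and only move the new sparseimage into place once it exits 0.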

Freezing Night Soccer


So I’ve continued to play on the same soccer team that I joined while I was out in Seattle this summer as it seems they continue to play outdoors in the winter.  While Seattle’s winter is still somewhat milder than what I’m used to, we’ve been going through a little bit of a cold snap here.  So it was with a little bit of guilty pleasure that I heard our Sunday evening game was going to be cancelled.  Alas, as fate would have it, the specific field our game was scheduled on was one of two fields that were still holding games.  So there I was, 7pm, flood lights canvassing the field, jumping up and down in approximately 28-degree weather.  It was awesome, though - I had a great time and thoroughly enjoyed myself.  But now…it’s time for a nice warm shower.

FoxyProxy


I just started using FoxyProxy about 3 minutes ago and I already love it.  As somebody that does a lot of security testing through a variety of proxies as well as tunneling my standard HTTP traffic through my home proxy, I now have a solution to avoid mixing the two.  FoxyProxy has the capability to use a proxy based on a regular expression or pattern, so it is now extremely easy to proxy all testing traffic through my HTTP interceptor of choice.

Machead


I have a confession to make.

I didn’t realize it until this morning, but…

well…let me just tell you what happened.

I got into work this morning and popped open my new MacBook Pro and instantly thought “oh man, MacWorld is tomorrow, I can’t wait!”

Yes, ladies and gents…I believe I may now officially be a Machead. Combine the above statement with the fact that I now use the Mac for both my personal and work laptops and no longer own a Windows laptop, and I believe you see how I reached my conclusion.

For those of you that fainted, have no fear.  As you can see from my PowerShell posts, I am still very much a Windows junkie and this will be a very difficult transition.  But I will still have Windows installed in some form on my Mac.  I can’t leave it yet, that’s for sure.

If I Wasn’t Before I Am Now!


Holy Mac fanboy, Batman! It’s going to be an expensive day for Damon. MacWorld rules supreme!


Dear Steve,

I just wanted to let you know that my “SmartPhone” is going in the trash immediately if the iPhone is as good as it looks.

Thank you,

DCortesi.com

Packet Mangling


I’ve recently had the need to seriously mess with packets on the IP and TCP layer and went on the hunt for some good tools to do so.  A quick search and some general knowledge led me to some of the most useful packeteers out there today - Tcpreplay, Bit-Twist, and of course Scapy.  While I’m being a link whore, I should mention geek00l’s blog, which seems to have posts on quite a bit of packet mangling that have come in very useful.  In any case, here’s a few interesting examples of how I used these:

# Using a sniffed packet and modifying it to generate other traffic
# tcpreplay makes a lot of noise!
./bittwiste -I tcpdump_packets.pcap -O mod.pcap -T tcp -s 80:443 -d 80:443
./bittwiste -I mod.pcap -O mod2.pcap -T ip -s 192.168.0.1:192.168.0.86 -d 192.168.0.1:192.168.0.86
mv mod2.pcap mod.pcap
tcpreplay -R -i eth0 -l 0 mod.pcap

Or scapy’s awesome ability to read in pcaps:

# Using scapy to fuzz sniffed traffic
from scapy.all import *  # not needed inside the interactive scapy shell
a=rdpcap("tcpdump_packets.pcap")
z=IP(src="192.168.0.86",dst="1.2.3.4")/fuzz(TCP(dport=22,dataofs=5,reserved=0,flags="PA",window=65535,chksum=0x23,urgptr=0,options=[]))/Raw(load=a[0].load)
send(z,loop=1)

That was way too easy.  Fuzzing with scapy?  Look above…it’s got a FUZZ method?!  It couldn’t be easier.  I love the world we live in.

Quickie for Choosing Interface for Tcpdump


I’m frequently firing up tcpdump on my mac, but then having to restart it with the correct interface if I happened to be on a wireless network (which I frequently am on the mac). I finally got tired of that, so I whipped up a quick script that determines which interface is up and consequently starts tcpdump on that interface.  Allow me to cat /usr/bin/stcpdump for you:

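#!/bin/sh

# Take the first en* interface whose ifconfig block contains an IPv4 ("inet ") line
INT=$(ifconfig | grep -A3 "en.:" | grep -B2 "inet " | head -n 1 | cut -f1 -d:)
# Quote "$@" so filter expressions containing spaces reach tcpdump intact
sudo tcpdump -i "$INT" "$@"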

Much better - saves me a bit of grief. ;o)

Why I’m a Scripting Junkie


One of my more famous quotes from a previous job was “oh yea, I’ve got a script that does that…”.  Most of my co-workers know that if it can be scripted, I’ll do it.  Perhaps the recent post over on the PowerShell blog, Philosophy of Automation, explains why I’m such a script junkie.

Civilization advances by extending the number of important operations which we can perform without thinking about them.
Alfred North Whitehead, Introduction to Mathematics (1911) English mathematician & philosopher (1861 - 1947)

I’ve been playing with PowerShell quite a bit lately as you noticed from my base64 copy/paste one-liner.  I’ve also been playing with its integration with .NET and COM objects (read: IE Browser Automation!) and am fairly impressed.  There’s a lot that can be done with PowerShell.