docker-compose up -d
export CONTAINER_ID="$(sudo docker container list -f name=development_timesketch -q)"
Create a case via Web UI
I decided to upload the plaso file via Web-UI.
Also in the Web UI, process feedback is visible
Now data is being indexed
This will trigger an entry in the debug output
[2019-12-30 19:22:38,018: INFO/MainProcess] Received task: timesketch.lib.tasks.run_plaso[2ab18910-e2e1-4b0d-977c-948605b335dd]
[2019-12-30 19:22:38,088: INFO/ForkPoolWorker-1] Index timeline [evidences] to index [d3cf025c5c94498e8300190d92e483ae] (source: plaso)
[2019-12-30 19:24:13,148: INFO/ForkPoolWorker-1] Task timesketch.lib.tasks.run_plaso[2ab18910-e2e1-4b0d-977c-948605b335dd] succeeded in 95.0877274190002s: 'd3cf025c5c94498e8300190d92e483ae'
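When many timelines are queued, the Celery worker output above is the only place that shows whether an upload actually finished and how long indexing took. The following parser is an added example (it is not code from the post or from the Timesketch project): it reads those worker lines, pairs each "Received task" with its "succeeded" line, attaches the timeline name and index id from the "Index timeline" line, and lists tasks that were received but never completed. The sample input is constructed from the three lines quoted above; the record field names are my own.

```python
import re
from datetime import datetime
from typing import Dict, List

# Constructed sample: the three worker lines quoted in the post above.
SAMPLE_LOG = """\
[2019-12-30 19:22:38,018: INFO/MainProcess] Received task: timesketch.lib.tasks.run_plaso[2ab18910-e2e1-4b0d-977c-948605b335dd]
[2019-12-30 19:22:38,088: INFO/ForkPoolWorker-1] Index timeline [evidences] to index [d3cf025c5c94498e8300190d92e483ae] (source: plaso)
[2019-12-30 19:24:13,148: INFO/ForkPoolWorker-1] Task timesketch.lib.tasks.run_plaso[2ab18910-e2e1-4b0d-977c-948605b335dd] succeeded in 95.0877274190002s: 'd3cf025c5c94498e8300190d92e483ae'
"""

TS_FMT = "%Y-%m-%d %H:%M:%S,%f"

# "[<timestamp>: <LEVEL>/<process>] <message>" prefix written by the Celery worker
HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}): (?P<level>\w+)/(?P<proc>[^\]]+)\] (?P<msg>.*)$"
)
RECEIVED_RE = re.compile(r"^Received task: (?P<task>[\w.]+)\[(?P<id>[0-9a-f-]{36})\]")
INDEX_RE = re.compile(
    r"^Index timeline \[(?P<name>[^\]]+)\] to index \[(?P<index>[0-9a-f]+)\] \(source: (?P<source>\w+)\)"
)
DONE_RE = re.compile(
    r"^Task (?P<task>[\w.]+)\[(?P<id>[0-9a-f-]{36})\] succeeded in (?P<secs>[\d.]+)s: '(?P<result>[^']*)'"
)


def _new_record(task: str) -> dict:
    """Empty per-task record; field names are this example's own."""
    return {"task": task, "received": None, "finished": None,
            "reported_seconds": None, "result": None,
            "timeline": None, "source": None, "wall_seconds": None}


def parse_worker_log(text: str) -> Dict[str, dict]:
    """Map each Celery task id to its ingestion record built from the worker log."""
    tasks: Dict[str, dict] = {}
    index_meta: Dict[str, dict] = {}  # index id -> timeline name / source
    for raw in text.splitlines():
        head = HEADER_RE.match(raw)
        if not head:
            continue  # not a worker log line (e.g. a traceback line); skip it
        ts = datetime.strptime(head["ts"], TS_FMT)
        msg = head["msg"]
        if m := RECEIVED_RE.match(msg):
            rec = tasks.setdefault(m["id"], _new_record(m["task"]))
            rec["received"] = ts
        elif m := INDEX_RE.match(msg):
            index_meta[m["index"]] = {"timeline": m["name"], "source": m["source"]}
        elif m := DONE_RE.match(msg):
            rec = tasks.setdefault(m["id"], _new_record(m["task"]))
            rec["finished"] = ts
            rec["reported_seconds"] = float(m["secs"])
            rec["result"] = m["result"]  # run_plaso returns the index id
    # Join the "Index timeline" metadata to each task via the returned index id
    # and compute the wall-clock time between "Received" and "succeeded".
    for rec in tasks.values():
        rec.update(index_meta.get(rec["result"] or "", {}))
        if rec["received"] and rec["finished"]:
            rec["wall_seconds"] = (rec["finished"] - rec["received"]).total_seconds()
    return tasks


def unfinished_tasks(tasks: Dict[str, dict]) -> List[str]:
    """Task ids that were received but have no 'succeeded' line yet (stuck or still running)."""
    return [tid for tid, rec in tasks.items() if rec["finished"] is None]


if __name__ == "__main__":
    for tid, rec in parse_worker_log(SAMPLE_LOG).items():
        print(tid, rec["timeline"], rec["result"], rec["wall_seconds"])
    print("unfinished:", unfinished_tasks(parse_worker_log(SAMPLE_LOG)))
```

Running the worker output through `parse_worker_log` while an upload is in progress is a quick way to tell a slow plaso import from one that died: a task that stays in `unfinished_tasks` long after its neighbours have completed deserves a look at the worker's error output.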
After indexing, the data is ready to be explored via Timesketch
One of the new cool features is Analyzers. These analyzers run predefined queries on the data of a timeline and perform actions such as:
adding tags to matching events (e.g. phishy-domains)
adding new fields to an event (e.g. browser search would add a field called "search_string")
To showcase the power of Timesketch, let's try to solve some of the NIST questions that came along with the image.
What operating system was used on the computer?
This is rather easy, as plaso already has a parser for that, so searching for "Windows NT*CurrentVersion" will do the job.
What are the timezone settings?
Again, plaso is already parsing that; searching for "timezone" will show "ActiveTimeBias: 300 Bias: 360 DaylightBias: -60 DaylightName: Central Daylight Time StandardBias: 0 StandardName: Central Standard Time"
Since I bought my Surly Ogre about 1.5 years ago, basically only one thing bothered me: the missing kickstand. In many places it is no problem to lean the bike against something, but not everywhere.
At some point I came across this video by Craig Meyer on YouTube:
There he lists the following things you need:
capscrews+nuts 2x M6, 30mm (not 40mm!), stainless
DIN 912 hex socket head cap screw 8.8, galvanized, M 6×30 (English: Metric socket cap, Stainless steel 18-8 (A-2), 6mm x 1.0mm x 30mm. Each)
DIN 982 lock nut class 8, galvanized, polyamide clamping insert, high form, M 6 (English: Metric hex lock nuts nylon insert, Stainless steel 18-8, 6mm x 1.0mm. Each)
So day 1, I arrived around 11 AM and got myself in a queue which was surprisingly well organised and fast-moving. There is even a page showing the waiting times for the last few years.
Once past the entry area I was a little overwhelmed: lights, people, noise everywhere, and the space simply seems large…
At some assembly, I met a good friend and long-time CCC / C-Base hang-around who introduced me to some people, and within a blink, 3 hours of conversation were gone.
Along the way, I learnt stuff about Freifunk, open firmware, and much more, but the most important thing was the very good conversations and friendly people.
An aspect that is not covered much in blog posts or wikis is food. I was not sure how to prepare for the long days in regards to food and drinks. Turns out there are a lot of bars serving Mate (of course), beer, cola and other stuff, and there are a lot of food places, so no problem there (not vouching for the quality…)
Hacker Jeopardy was something I was curious about, but I watched it back in the hotel.
For many years I wanted to go to a CCC congress, and this year, for different reasons, I was finally able to go. This blog post is going to cover my planning, and further posts will hopefully follow.
There is a lot of coverage already on how to prepare for a congress. Obviously, you need a ticket. I got my ticket thanks to a co-worker who is a pretty active member of a local chaos group, so that was fairly easy (thx stean).
So after getting a ticket, a place to stay needs to be found. In most cases I go with AirBnB; this time I was unable to find a cosy place nearby, so I ended up doing a hotel reservation, and I hope this was a good choice.
And last but not least, transportation. The way to go here for me is the German railway, Deutsche Bahn. There is even a special page from Deutsche Bahn to get a special ticket for a lower price.
Of course, going to a conference you need your basic stuff as for every conference/travel, so I will not go into that too much. Especially for the congress, I tagged most of the gear that I plan to bring to the venue with my Twitter handle and my domain, so that it is easy to find the owner.
In addition to my normal list I packed the following items:
permanent markers (white/black) – maybe I can help with those
Even though I unfortunately could not take part in the triathlon in Maxdorf (one day I will make it to the starting line), we used the perfect weather for a small trip to the bike course of this superbly organised competition; I unpacked the camera and we cheered on the cyclists for a good two hours.
From my own experience I know how much even a single cheer from the roadside helps. It was also really cool how many athletes thanked us for the support and laughed with us.
Since I am not sure whether there was a photo service, and since I do not want to earn anything with the photos, I simply uploaded all of them without sorting.
The pictures may be used for your own purposes under CC-BY-SA, crediting Alexander Jäger as the photographer; I am always happy about a link back here.
Cyber security is a global issue, but most people interested in the topic are not able to visit the big conferences, because they are expensive or because they are not allowed to travel to the destinations.
But thanks to the evolving technology of video hosting sites and the fact that capturing talks on video is more and more becoming the new norm, a lot of good security talks can be watched online.
Looking for good videos, I ended up with either a total mess of crappy videos, or pretty good videos that were not pushed up the result pages by the video hosting platforms because of a low number of views (most security talks at the moment do not attract that much of an audience). This is when I started a new repository called "awesome security videos".
The idea is simple: collect and curate a list of online videos that are good from both a content and a presentation point of view.
While writing some code, I stumbled across an API documentation that only had curl examples (I prefer curl examples over no examples at all), but I had some trouble converting them to proper Python code, and a friend recommended a page called: https://curl.trillworks.com/