Regenerate Message Typed as captured in a USB Keyboard Packet Capture


I was recently presented with a packet capture file to perform some forensics on it as a challenge and see if I could find the hidden message. Naturally, it being a packet capture I fired up Wireshark only to be faced with a very bland single colour screen, quite different from the usual network captures most would be used to when using Wireshark (see Figure 1 below). There was none of the usual indication of different protocols broken down by colour. This was going to be a different type of challenge, and one I was going to learn a lot from, I knew I would enjoy it, and I sure did!

Figure 1: Bland, colour-free Wireshark window
Continue reading “Regenerate Message Typed as captured in a USB Keyboard Packet Capture”

Sunday Quicky #7: GOSI Certified!

Yesterday, with 3 days left on my deadline, I completed the GIAC Open Source Intelligence certifications exam with a score of 91%. Needless to say I was pretty delighted. I’m still unsure which of the following questions had the biggest impact on my certification exam result: Was the exam too easy? Did I prepare very well? Was the training provided so good that it was inevitable?

I’m leaning towards a combination of the training and my preparation. To be fair the “SANS SEC487 Open-Source Intelligence (OSINT) Gathering and Analysis” covered a breadth and depth of topics, and covered them well. A series of books are made available to course participants, one for each day of the course, and since the exam is open book, these materials are vital to your success in the exam. I did learn many new tools and techniques. However, if you’re a seasoned OSINTer you may find the course a bit foundational and remedial and it might be better to do one of their more advanced courses. But in terms of how I scored so well, as you might expect, every question asked in the exam could be answered from the pages of the training materials.

This brings me to my preparation, the books provided are between 140 to 180 pages each. Needless to say you can’t page through those materials for each of the 75 questions you get asked in the 2 hours you have to do the exam. So a big shout out has to go to Lesley Carhart for her blog post on her “Pancakes Index System”. It would not have been possible to efficiently work through the materials without an index, and I went with the Pancakes Index System, and it definitely worked and ended up looking like this:

Figure 1: Pancakes Index System in operation

Following the putting together of my index, I then completed the two practice tests. The practice tests were very close to the actual exam in terms of the format of the questions and provided great preparation for the exam itself.

And there you have it. A great course with a great instructor @dutch_osintguy in my case, and enthusiastic class mates led to a great experience and now, thankfully, another successfully completed certification exam.

A Collection of OSINT related Bookmarks

I recently completed the SANS SEC487 course in Open-Source Intelligence Gathering and Analysis. I also signed up to do the related GIAC Open Source Intelligence Certification exam. I really don’t want to be in the position of failing that exam, so I’m thoroughly preparing for it.

While conducting my preparations I have been slowly collecting the various resources that were used during the course into a list of bookmarks that I can share with the world. These bookmarks are available from the OSINT Bookmark Collection from github repository as a html file that can be imported into your browser (right click -> save file, for best results). For anyone who has never imported bookmarks before or even for those who do it very irregularly a set of instructions can be found below.

Continue reading “A Collection of OSINT related Bookmarks”

Sunday Quicky #6: Essential Initial Git Settings on Linux When 2FA is Set Up on Github

So you’re set up on Github, and being the privacy conscious person you are you have Two Factor Authentication turned on. You’ve added a personal access token so that you can push from repos from a machine. Now you have a new install of Git on some flavour of Linux and you want to configure Git on the command line to be as frictionless as possible while you’re using it, while still remaining secure. What you really need for this is to set up credential caching so that you won’t need to enter your password every time you run git push. Let’s explore this and some other initial configuration steps that will make use of Git that much easier.

Continue reading “Sunday Quicky #6: Essential Initial Git Settings on Linux When 2FA is Set Up on Github”

Sunday Quicky #5: A Handy Bookmarklet for Analysis

I’m not going to lie, I hadn’t heard of bookmarklets until earlier this year at one of the SANS summits. They were quite the revelation. Their potential at automating collection and analysis of data was very obvious and very powerful. However, up until Today I hadn’t come across a compelling reason to make a bookmarklet. If you already know what bookmarklets are skip the next section to see what I made.

What are bookmarklets anyway?

Bookmarklets allow you to use javascript code in a bookmark in order to enable automation of some action. That’s a very brief summary and it’s not a whole deal more complicated than that but for a bigger explanation and a few more examples go visit this article on bookmarklets.

Continue reading “Sunday Quicky #5: A Handy Bookmarklet for Analysis”

Timeline Chart Tool

Figure 1: Sample Timeline Chart

So you need a timeline chart and you need it for work. No worries, services exist for creating beautiful charts online, Lucidchart being one of the best examples (not a sponsor). But… You need the chart for work, you need it to contain sensitive data for internal use only, you may even need to include the dreaded PII (Personally Identifiable Information).

Now, are any of these chart producing services going to leak your data? It’s not likely to be honest. Am I saying don’t trust Lucidchart for example? Not necessarily. But I am particularly sensitive to the risk of data leaks due to having come from a Law Enforcement background where a PII leak could lead to loss of employment. Also I have recently completed a course in Cyber Security. These are both huge factors in my sensitivity to the risk of a data breach that could occur by using a third party service. Just think, if Lucidchart were to suffer a breach that in turn led to breach of data contained in charts created by you on that service, you might in turn also have to report a breach, it’s all very complicated at that stage.

The solution? Roll your own, read on for a relatively easy way to create your own timeline chart without ever having to reach out to an online service with data you don’t want exposed.

Continue reading “Timeline Chart Tool”

Sunday Quicky #4: Creating a New Github Project

I have already done the bulk of the work on this, but it has a lot of waffle around it, so this will be a more straight to the point version.

Step One: Create Git Local Repository

Figure 1: Create local repository

Traditionally you add a file first and initialise the repository, then add the new file and commit it.

Continue reading “Sunday Quicky #4: Creating a New Github Project”

Sunday Quicky #3: Sources of Open Data

This is a quick post in relation to where you could find sources of Data to run experiments and code on. It was inspired by a talk during the week that spoke about some open data initiatives. It reminded me of my search for data when I started out, in the end I abandoned working on any of the sources in favour of taking on a course of study in Cyber Security, that’s a year I’ll never get back!

However, I had done a little groundwork, the course is over and these sources may well be of use to someone so I’ll make a quick post about them.

Continue reading “Sunday Quicky #3: Sources of Open Data”

Enable Enhanced Session Mode on Parrot OS Guest within Hyper-V

This shouldn’t take long, I’m posting it mainly because I didn’t see the answer available when I went searching earlier, at least not an answer specifically referencing Parrot OS.

This week I’ve been doing a bit of tinkering with Microsoft’s hypervisor offering, Hyper-V. I installed Kali Linux first, but there was not full-screen option, what gives? Luckily, there was a very good answer to the problem in Kali’s own documentation. Like magic it worked. I turned on the VM started browsing a few sites and it quickly became a bad browsing experience. I don’t know which part of the system was letting me down but tabs were crashing left, right and centre (not a misspelling by the way, no matter what WordPress thinks).

My next step was to try a different version of Linux, so I went with a similar distro to Kali, Parrot OS. Guess what? No full screen yet again. And I couldn’t find a single reference online that had reported a solution. However, both Parrot OS and Kali Linux are Debian derived, I wonder???

Continue reading “Enable Enhanced Session Mode on Parrot OS Guest within Hyper-V”

Generating Data With Jupyter Notebook


This post is inspired by a problem I was too busy/lazy to solve when I initially had it, but was also solved by finding an easier solution. Nevertheless, I’ve come back to it because there are times that the available easier solutions won’t go far enough to giving access to the types of data you might want to work with.

So the problem was, I wanted to have access to a store of data to practice working with Jupyter Notebook. At the time I had none to work with so I thought about a way to generate some random(ish) data to work with in order to get my practice in. This solution is kind of meta, I use Jupyter Notebook to generate data, so that I can work on the data in Jupyter Notebook.

Continue reading “Generating Data With Jupyter Notebook”