Wednesday, February 29, 2012

I hope I'm ready for this presentation tomorrow!

Monday, February 27, 2012

I forgot about this blog...

Wow...I forgot I had this. It's so difficult keeping up with the various social media sites. Plus I rarely have anything worthwhile to say. lol

But that is changing!

-Chuck, The Maddog Monk

Friday, February 20, 2009

Coming soon to a blog near you

I had totally forgotten about blogging. I’m such an impulsive and easily distractible person. haha

I have plenty to talk about, quite a bit I want to say, I just have to form the thoughts into something coherent enough for a blog entry.

Yesterday (Feb 19) was one month since my Mom was buried. She passed away Jan 16th, and was buried Jan 19th. She was 58 yrs old. I’m still unsure what to think, what to feel, how to feel.....gah, I just don’t know. *shrug*

Anywho, I’ll be back soon.

peace out

-Chuck
:wq

Sunday, May 18, 2008

Blogger on the go

This message was sent using the Picture and Video Messaging service from Verizon Wireless!


Tuesday, July 17, 2007

HIDS are from Mars, NIDS are from Venus

Interesting title, don't you think? But, it is accurate if you think about it. HIDS, or Host Intrusion Detection System/Software, and NIDS, Network Intrusion Detection System/Software, though having the same core purpose (that being Intrusion Detection) are such very different creatures. HIDS looks at events as they relate to the host, or occur on the host. NIDS looks at events as they relate to network traffic.

Example: HIDS will see the syslog events where someone tried logging in via ssh, and is pretty positive that these events occurred. Very fact based, not very subtle. NIDS sees the ssh traffic, and probably wouldn't trigger an event unless the ssh packets are not RFC-compliant or an attack pattern is detected in the packets themselves. If NIDS does trigger an event, the event would be somewhat vague and non-committal, and you (the IDS engineer/analyst) would have to do some interpretation and correlation. Note the subtle differences in how each approaches and implements its solution to the same problem, that being intrusion detection.

I'll leave it up to you, the reader, to decide which variant of IDS fits which gender. It's safer that way...less chance of offending someone's (so-called) politically correct sensibilities. Me personally....I'm a HIDS.

Quite often it can be difficult correlating events from HIDS and NIDS (e.g. “He said..., She said...”), let alone other event sources (which we won't go into for this brief discussion). Since HIDS and NIDS look at intrusion detection differently, they are bound to talk about (log) events differently and use differing lingo. You need someone to act as a go-between, an interpreter who understands both languages (HIDS and NIDS), and can make sense out of each input (logs) as well as provide an accurate “big picture” of your environment (depending on how many logging sources you have, of course). OSSEC-HIDS fits that role quite well. It understands NIDS events, HIDS events, firewall events, and so much more. It's the relationship counselor of intrusion detection. *smile*
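To make the "interpreter" idea concrete, here is a small Python correlator added as an illustration (it is not from the original post and is not OSSEC code): it normalises constructed sshd syslog lines (what a HIDS sees) and a constructed Snort-style alert (what a NIDS sees) into one record shape and joins them on source address and time. The sample lines, the year, the placeholder rule id and the 5-minute window are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input (not from the post): sshd syslog lines as a HIDS sees them,
# and one Snort-style alert as a NIDS sees it, using a placeholder local rule id.
HIDS_LOG = """\
Jul 17 22:14:03 host1 sshd[4123]: Failed password for root from 203.0.113.7 port 51544 ssh2
Jul 17 22:14:09 host1 sshd[4123]: Failed password for root from 203.0.113.7 port 51545 ssh2
Jul 17 22:20:00 host1 sshd[4200]: Accepted publickey for chuck from 198.51.100.9 port 40022 ssh2
"""
NIDS_LOG = """\
07/17-22:13:58.120455 [**] [1:1000001:1] LOCAL possible SSH brute force [**] {TCP} 203.0.113.7:51544 -> 10.0.0.5:22
"""
YEAR = 2007  # assumption: neither log format carries a year

HIDS_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(Failed|Accepted) \w+ for (\S+) from (\S+)")
NIDS_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[\d:]+\] (.+?) \[\*\*\] "
                     r"\{\w+\} (\S+?):\d+ ->")

def parse_hids(text):
    """Normalise sshd syslog lines (HIDS vocabulary) into {time, ip, msg} records."""
    events = []
    for line in text.splitlines():
        m = HIDS_RE.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append({"time": ts, "ip": m.group(4), "msg": f"{m.group(2)} login for {m.group(3)}"})
    return events

def parse_nids(text):
    """Normalise Snort-style alert lines (NIDS vocabulary) into the same record shape."""
    events = []
    for line in text.splitlines():
        m = NIDS_RE.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %m/%d-%H:%M:%S")
            events.append({"time": ts, "ip": m.group(3), "msg": m.group(2)})
    return events

def correlate(hids, nids, window=timedelta(minutes=5)):
    """Pair each NIDS alert with HIDS events from the same source IP inside the window.
    Returns (ip, nids_msg, hids_msg) tuples: an alert the host also saw is stronger evidence."""
    pairs = []
    for n in nids:
        for h in hids:
            if h["ip"] == n["ip"] and abs(h["time"] - n["time"]) <= window:
                pairs.append((n["ip"], n["msg"], h["msg"]))
    return pairs
```

Running `correlate(parse_hids(HIDS_LOG), parse_nids(NIDS_LOG))` pairs the one network alert with the two failed root logins from the same address, while the unrelated successful login from another address is left alone.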

Anyone who knows me knows that somehow I'll find a way to wriggle OSSEC-HIDS into most any conversation. It's one of my favorite open source projects. Perhaps I am somewhat biased in my opinions regarding OSSEC-HIDS, but what I said about it is essentially accurate, though it understates the features it brings to any environment. OSSEC is more than an IDS relationship counselor, but it handles that task quite nicely if you ask me.

Tuesday, July 10, 2007

Nothing is going to change until I become President of the U.S.

I've often said that nothing is ever going to get fixed, until I am elected President of the United States. Considering the dire straits my country is in (government leadership-wise), I've gotten a bit more curious about what it takes to be able to run for President. So, what are the requirements to become President of the United States?

Answer: The United States Constitution outlines the requirements for President in Article 2. This article of the U.S. Constitution also outlines the powers of the President and Executive branch of government.

Section 1 of Article 2 of the U.S. Constitution states that a President must:

  1. Must be a natural born citizen of the United States.
  2. Must be at least 35 years old.
  3. Must have lived in the United States for at least 14 years.

Hmmm....well, let's see if I qualify. Yep, I am a natural born citizen of the United States. Yes, sadly enough I am over 35 years of age (though not by much!). And yes, I have lived in the United States for at least 14 years (I've lived in the U.S. my entire life...all 39 years.)

So I guess I do meet the minimum requirements to run for the office of President of the United States. Now all I need is some folks to vote for me. :)

Vote for Chuck in 2008!

Monday, June 4, 2007

CTF 07 Qualification round has begun.....and ended.

Well, I had intended to blog while the CTF qualification round/weekend was going on. But you see how well that plan worked out. CTF07 quals started Friday (June 1st) night at 10pm eastern (8pm mountain), and ended Sunday (June 3rd) at 10pm eastern (8pm mountain). Our team, “our wives are pissed”, initially ended up in 11th place. Not bad, considering over 200 teams registered for the event, but only the top 7 teams qualify to compete in the actual Capture The Flag competition at DefCon.

About 10:30pm (mountain) Sunday night (right after the quals ended), Syndrowm sent me a text message saying that we were in (we qualified for CTF)! So I ran downstairs (I was upstairs reading) to my laptop to check on the mud, and on irc, to see what the heck happened. Turns out that two of the teams that qualified couldn’t make it or just decided not to compete, so that freed up two slots and put us into 9th place; still not enough to get us “To The Show”. Then we found out that two other teams that had qualified were actually “ghost teams” for other team(s) that had qualified, so they dropped the two ghost teams, which put us in 7th place....enough to qualify us for CTF!

Note: This year’s qualification round was a stone cold bitch. Mad props go out to the folks that put it all together, Kenshoto. I seem to recall many threats of kicking Invisigoth in the shins for *insert category*/*insert question value*. It was incredibly fun, and incredibly challenging.

Link to the results page: http://www.kenshoto.com/ctf07/quals_final.html

I have a lot of studying and trial/error to do before the actual competition. Time to start hackin’ up my lab network!