Using ‘jq’ to query JSON
jq is great for CLI manipulation of JSON data! Handy little bit of knowledge here, stashing so I can remember. You’re probably familiar with the fact that you can use the command line tool jq to do pretty printing of JSON on the command line, like this: $ cat file.json | jq "." | head …
Author Archives: jcran
Spectre & Meltdown: Mitigation Status
UPDATE 20170104: US-CERT has published an alert with aggregated links to vendor guidance and updates. Rather than requiring you to chase info all over the Internet (or on Twitter), we’ve aggregated information about the Meltdown and Spectre vulnerabilities here for your convenience. Overview: Several recently-published research articles have demonstrated a new class of timing attacks …
Visualizing Pentest Findings
Quick blurb so I can remember this. A bubble chart can make a handy display for pentest findings – and prioritize them. It’s a simple way to identify and display high-impact, low-cost issues. Here’s an example of a bubble chart with some findings pre-populated. If you’re interested in using this, just create a copy and go …
You and Your Research
I was recently pointed to a great speech entitled “You and Your Research” given by Richard Hamming of Bell Labs (and Hamming codes!) fame. It’s essentially Hamming giving his insight on how to do great work as a scientist. I think it’s relevant for anyone doing infosec research today. Here are my key takeaways: Work …
Getting started in Information Security
I recently had a college student ask about getting into Information Security. Here’s his question: My biggest issue with my current education is the broad scale and lack of clear direction on how to achieve my goals. I know that I am very interested in penetration testing. Ethical hacking in general is a very big …
Regional Internet Registries
Handy reference list of links, storing in a single place for future use. A Regional Internet Registry (RIR) is an organization that manages the allocation and registration of Internet number resources within a particular region of the world. Internet number resources include IP addresses and autonomous system (AS) numbers. Map of Regional Internet Registries. ARIN …
Cybersecurity tips for traveling abroad
This was originally written in early 2017 for a friend of mine who asked for advice about how to avoid being hacked when traveling abroad. It mirrors much of the DHS Travel Safety advice, but is meant to be a little more practical. I’m re-posting it here for the benefit of others. Note that this checklist applies for …