Capture a spurious outbound connection with NETSTAT

Several years ago, I created a PowerShell script to log outbound connections. What if you need something quick and dirty and cannot use a script like that or external tools like Process Explorer? Here is a batch script that runs in an infinite loop and catches …

Are BitTorrent Pieces 250Kb Long?

I was researching BitTorrent and noticed that the Specification says a Piece is typically 250 kilobytes long. That made me curious, so I decided to do some quick research to determine how much the piece length actually varies. First, I modified the BitTorrent Parser that I had created previously …

A Python Parser for BitTorrent Metainfo Files

Lately, I have been doing some analysis of BitTorrent descriptor files, or “metainfo” files as the BitTorrent Protocol Specification calls them. One could simply open the *.torrent file in a text editor. If you do, you will see something like:

The first part of the file is “almost …

Bash Script Tests for OS and Run as Root

In my last post, I discussed using sed, the stream editor, to make configuration file changes via a bash script. There are two important factors to keep in mind: many configuration files can only be modified as root, and the location of configuration files will vary depending on the Linux …

Shannon Entropy of Various File Formats

In yesterday’s post, I introduced a tool (graph_file_entropy.py) that I created to visualize the frequency distribution of the bytes in a file. Today, I will show the results of using this tool for a cursory examination of the Shannon entropy of various common file formats. This will illustrate benefits …

Calculate File Entropy

Entropy is a measure of randomness. The concept originated in the study of thermodynamics, but Claude E. Shannon applied it to digital communications in his 1948 paper, “A Mathematical Theory of Communication.” Shannon was interested in determining the theoretical maximum amount by which a digital file could be compressed. …

GeoLocation in Python

When performing a security analysis, it is often desirable to know the country, and sometimes even the city, from which traffic is originating. There are a variety of websites, like www.iplocation.net, that allow you to enter an IP address and will report back the city and country as …

PowerShell Script to Log Network Connections

General Description

The Log-Connections.ps1 file is a PowerShell script that logs active TCP connections and includes the process ID (PID) and process name for each connection on a Microsoft Windows computer. The log file name is a parameter that is passed to the script at run time. A log entry …
