- 凯文 - Kǎi wén
- None right now
- 最近有什麼事嗎 - Zuìjìn yǒu shé me shì ma - What's new with you?
- 我明天早上很早就走 (wŏ míngtiān zăoshàng hĕn zăo jiù zŏu) - I'm leaving very early tomorrow morning.
- 很高兴跟你讲话 - Hěn gāoxìng gēn nǐ jiǎnghuà - It was nice speaking with you
Kevin Thompson kf0jvt
kf0jvt
/ Mandarin Notes.md
Last active
December 22, 2015 01:09
Mandarin words and phrases that I'd like to remember.
kf0jvt
/ stolen-laptop.csv
Last active
December 22, 2015 01:48
Script I wrote to take a csv file and produce VERIS schema-compatible JSON files representing the security incidents.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| github | vic.name | vic.naics | vic.country | vic.state | vic.employee | reference | summary | discovery | data.variety | data.total | asset.variety | notification | incident | data.subject | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 111 | Company | 121212 | US | MN | 25001 to 50000 | Personal | 82160 | Other | U - Laptop | http://youtu.be/RmFnarFSj_U | Something happened | Days | 12/24/2012 | 12/25/2012 |
kf0jvt
/ ddos-activist.py
Created
September 1, 2013 03:31
Script I wrote to take a csv file and produce VERIS schema-compatible JSON files representing the security incidents. This script is for incidents where an activist or activist group launches a Denial of Service attack against a victim's web service.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import uuid | |
| import copy | |
| import csv | |
| import datetime | |
| infile = csv.DictReader(open('list.csv','rU')) | |
| template = {u'impact': {u'loss': [{u'rating': u'Minor', u'variety': u'Asset and fraud'}, {u'rating': u'Minor', u'variety': u'Brand damage'}, {u'rating': u'Minor', u'variety': u'Business disruption'}, {u'rating': u'Minor', u'variety': u'Operating costs'}, {u'rating': u'Minor', u'variety': u'Legal and regulatory'}, {u'rating': u'Minor', u'variety': u'Competitive advantage'}, {u'rating': u'Minor', u'variety': u'Response and recovery'}], u'overall_rating': u'Unknown'}, u'incident_id': u'osint1016', u'reference': u'http://news.softpedia.com/news/Dutch-Government-Identity-Management-Platform-DigiD-Disrupted-by-DDOS-Attack-376189.shtml (20130821) http://www.nrc.nl/nieuws/2013/08/16/digid-deels-plat-door-ddos-aanval/ (20130821)', u'attribute': {u'availability': {u'duration': {u'unit': u'Hours'}, u'notes': u'', u'variety': [u'Interruption']}}, u'discovery_method': u'Unknown', u'schema_version': u'1.2', u'sum |
kf0jvt
/ CLASS_basic_networking
Last active
December 22, 2015 03:09
Review of basic networking topics. #class
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # OSI Model | |
| 1. Physical - electrical voltage on the wire | |
| 2. Data link - **ethernet** communication between two hosts on the same network | |
| 3. Network - **IP** - used for getting packets to the right network | |
| 4. Transport - **TCP/UDP** - quality control and error correction | |
| 5. Session - magic layer | |
| 6. Presentation - magic layer | |
| 7. Application - magic layer | |
| ## OSI Model Exercise |
kf0jvt
/ CLASS_administrative_controls
Last active
December 22, 2015 03:09
Administrative controls. Policies, Procedures, Standards, and Guidelines. #class
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IT Controls Matrix | |
| | | Preventative | Detective | Corrective | | |
| | ------------- |:-------------:|:----------:| -----------| | |
| | Administrative| Policy | Audit | | | |
| | Technical | | | | | |
| | Physical | | | | | |
| ## Definitions of Administrative Controls | |
| + Policy - Broad statement of management intent. **Example:** IT is responsible for secure configuration of endpoints. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Ethics | |
| Ethics in information technology is of supreme importance. As we will learn later in this court, the value of information is supported by its Confidentiality, Integrity, and Availability. If these attributes cannot be assured then users will lose faith in the information system and switch to other (possibly less secure) services. Information Technology professionals must always maintain a high moral standard so that users feel more assured that their data is not being compromised internally as well as externally. | |
| In this class we will briefly cover five approaches to ethics, and three world-views that people take in their approach to ethics. This isn't a class on ethics so you will not be expected to know these things in great detail. | |
| ## You're a WEIRD person (probably) | |
| Basically we're all good people, and we want good things for those around us. Yet even in our own communities we often disagree about ethical decisions. And world wide there is even less agreement. Why is it that good people disag |
This week is the start of grad school. Since I'm also working full time I decided to take it easy and only registered for two classes. I know that is a small sample size, but I'm pretty disappointed to learn that both of the classes have a lot of group projects involved in them. And I remember from my time as an undergrad student that (almost) every professor was assigning group projects too. Ugh group projects suck! I had hoped that I would be done with group projets when I left undergrad behind. Collaborative learning: the go-to pedagogy for lazy professors when service learning isn't available for some reason.
I draw a distinction between group projects and group work. To me, a group project is a larger deliverable where the intent is that students will work together over a longer period of time. Group work, on the other hand, is what I call it when you have students break into smaller groups within the class period to discuss something amongst themselves and possibly produce a sho
kf0jvt
/ gist:6427704
Last active
December 22, 2015 05:58
We noticed a problem with the VERIS Community Database where incidents that involved loss or theft were not being coded up with the availability attribute set. This script fixes that for all those incidents. #VCDB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import os | |
| def FixAttribute(inDict,filename): | |
| if 'availability' not in inDict['attribute'].keys(): | |
| print filename + " is messed up." | |
| inDict['attribute']['availability'] = {} | |
| inDict['attribute']['availability']['variety'] = ['Loss'] | |
| return inDict |
kf0jvt
/ gist:6428581
Last active
December 22, 2015 06:08
Simple script to count the number of issues closed by each person in a git repo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib | |
| import json | |
| import operator | |
| # Only going to grab 300 issues. May need to change this line | |
| filehandle = urllib.urlopen('https://api.github.com/repos/vz-risk/VCDB/issues?state=closed&per_page=300') | |
| usercount = {} | |
| issues = json.loads(filehandle.read()) |
kf0jvt
/ deface-activisty.py
Created
September 4, 2013 15:10
Python script that takes a csv file and turns it into a set of .json files which are VERIS 1.2 schema compliant. This script is for incidents where an external activist has defaced a website. #hacking #defacement #veris
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import uuid | |
| import copy | |
| import csv | |
| import datetime | |
| infile = csv.DictReader(open('list.csv','rU')) | |
| template = {u'impact': {u'overall_rating': u'Unknown'}, u'incident_id': '', u'reference': '', u'attribute': {u'integrity': {u'notes': u'', u'variety': [u'Modify data', u'Misappropriation']}}, u'notes': u'', u'schema_version': u'1.2', u'summary': '', u'action': {u'hacking': {u'notes': u'', u'vector': [u'Web application'], u'variety': ['Unknown']}}, u'security_incident': u'Confirmed', u'plus': {u'f500': u'N', u'master_id': u'osint523', u'timeline': {u'notification': {}}}, u'actor': {u'external': {u'motive': ['Ideology'], u'country': [u'Unknown'], u'variety': ['Activist']}}, u'victim': [{u'victim_id': '', u'country': '', u'notes': u'', u'industry': ''}], u'timeline': {u'incident': {u'year': 2012}}, u'source_id': u'osint', u'discovery_method': u'Ext - actor disclosure', u'asset': {u'assets': [{u'variety': u'S - Web application'}]}} | |
| for row in infile: |
OlderNewer