Another dead link

Found another dead link to my paper’s


Finding rules for heuristic detection of malicious pdfs


A deeper analysis of the RTF exploit CVE-2010-3333

Looking for an old white paper I authored online today and couldn’t find it. The link is dead on the Sophos website 😦


SMS Phishing Reporting

This morning, 22nd Jan 2018, at stupid o’clock I received an SMS.


This message was obviously a phishing text, not least because I do not bank with HSBC.

Now by the time I looked at this message, GoDaddy had already suspended the domain. When I ran a Whois on the domain I saw:

Name servers:

The whois also showed a few other typical signs of spam.

Registered on: 21-Jan-2018

How to report this?

Reporting spam or smishing from a mobile couldn’t be easier: all you have to do is forward the message to 7726 (or 87726 for Vodafone), 7726 being ‘SPAM’ in telephone keypad encoding.

Coding trick: Setattr vs. Exec

Recently, while writing a file parser in Python, I needed to dynamically assign variables. As an aide-mémoire for me, and maybe for the rest of the world, this post describes the trick.


So what is the code doing?

reg_01 = re.compile(r'.*core.xml')

Here we are compiling a regex to match a name ending in ‘core.xml’.

if filter(reg_01.match, self.plist):

We are searching a list of pseudo files (from an archive) using the filter function.

filter resembles a for loop, but it is a builtin function and faster.

for item in filter(reg_01.match, self.plist):
    parsed = XML(extract_file(, item))  # extract_file is the parser's own archive helper; its first argument is missing in the original post

This extracts the file from the archive and parses it as an XML file.

for elem in parsed:
    taggy = re.sub(r'{[^}]*}', '', elem.tag)

The XML tag carries a {namespace} prefix that the regular expression substitution removes.

Before we go any further let us look at an example core.xml file.

<dc:title>This is the title</dc:title>
<dcterms:created xsi:type="dcterms:W3CDTF">1970-01-01T00:00:00Z</dcterms:created>

So what I would like to be displayed is:

  • self.title = ‘This is the title’
  • self.creator = ‘God’
  • self.lastModifiedBy = ‘Woman’
  • self.revision = ‘2’
  • self.created = ‘1970-01-01T00:00:00Z’

The first way of getting this result I found was:

#exec('self.' + taggy + ' = ' + 'elem.text')

The use of exec is frowned upon. When I came to rewrite the code (for another, similar parser) I found setattr.

setattr(self, taggy, elem.text)

This code using setattr is much cleaner and simpler. Python, unlike Perl, strives for: “There should be one– and preferably only one –obvious way to do it.” (see PEP 20).
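As an added example (my code, not the post’s), here is the same tag-stripping and setattr idea applied to a constructed core.xml, with an allowlist of tag names: the tag name comes from the file being parsed, so with exec it is spliced into source code and executed, and with bare setattr it can still name any attribute of the object. CoreProperties, SAMPLE_CORE_XML and HOSTILE_CORE_XML are my names.

```python
import re
from xml.etree.ElementTree import XML

# Constructed sample, modelled on the core.xml fragment in the post (not a real document).
SAMPLE_CORE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties
    xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <dc:title>This is the title</dc:title>
  <dc:creator>God</dc:creator>
  <cp:lastModifiedBy>Woman</cp:lastModifiedBy>
  <cp:revision>2</cp:revision>
  <dcterms:created xsi:type="dcterms:W3CDTF">1970-01-01T00:00:00Z</dcterms:created>
</cp:coreProperties>"""

# Constructed hostile variant: whoever wrote the file chooses the tag names that the
# parser would turn into attribute names, so a tag such as __class__ must not be trusted.
HOSTILE_CORE_XML = b"""<cp:coreProperties
    xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
  <dc:title>Looks harmless</dc:title>
  <cp:__class__>int</cp:__class__>
  <cp:ignored>overwrite me</cp:ignored>
</cp:coreProperties>"""

NS_RE = re.compile(r'{[^}]*}')  # ElementTree renders tags as {namespace}local; keep only local

class CoreProperties:
    # Allowlist of tags that may become attributes. Without it, setattr() would let a
    # crafted document clobber any attribute or method on the object; with exec() the
    # tag name itself would be spliced into Python source and run.
    ALLOWED = frozenset({'title', 'creator', 'lastModifiedBy', 'revision', 'created'})

    def __init__(self, data):
        self.ignored = []  # unexpected tag names, kept for logging or inspection
        for elem in XML(data):
            taggy = NS_RE.sub('', elem.tag)
            if taggy in self.ALLOWED:
                setattr(self, taggy, (elem.text or '').strip())
            else:
                self.ignored.append(taggy)

if __name__ == '__main__':
    props = CoreProperties(SAMPLE_CORE_XML)
    print(props.title, props.creator, props.created)
    print('ignored:', CoreProperties(HOSTILE_CORE_XML).ignored)
```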

Book review: Practical Packet Analysis – Using Wireshark to solve real-world network problems

Networks are a dark art, and to truly understand them you must practise by analysing packets. Like Harry and friends in Dumbledore’s Army found, book learning and classroom learning aren’t sufficient alone. This book doesn’t get bogged down in the minutiae but uses walked-through examples to teach directly. In fact, nearly two-thirds of the book is the examples, and while SANS “Intrusion Detection In-Depth” (which I attended in 2011) provides more detail, the examples mean that this book is ‘practical’.

The first third of the book races through the groundwork: what packet analysis is, the OSI model, types of traffic, and what a network tap is and the types of tap. It moves quickly on to what Wireshark is and why you would use it. Then we have a Wireshark tutorial that is terse but covers all the main areas you will need. With online help and documentation being more up to date it is always a hard thing to balance, but in this case I think the author has put in just the right amount of ‘How to …’ to get the reader up and running with Wireshark without regurgitating a manual. Then we have a quick diversion into packet analysis on the command line using TShark and tcpdump.

The next few chapters concentrate on protocols, looking at network, transport and some common upper-layer protocols like:

  • ARP
  • IPv4
  • IPv6
  • ICMP
  • TCP
  • UDP
  • DHCP
  • DNS
  • HTTP
  • SMTP

All with worked-through packet captures (available here).

The rest of the book is analysis of some basic and advanced scenarios including:

  • Missing Web Content
  • Inconsistent Printer
  • Slow Network
  • Finding Malware

The book finishes with a discussion of sniffing wireless traffic.

This is the 3rd edition of the book and I wish I had known of its predecessors, because it is rare that I have to slice and dice packets nowadays, and having this will get me up to speed without fumbling in the dark. The book is clearly written and is both an easy read and a valuable resource when you have to do packet analysis.

Book Review: Wicked Cool Shell Scripts

This book was a revelation: a book with the subtitle ‘101 Scripts for Linux, OS X, and UNIX Systems’ doesn’t suggest a riveting read. However, I was so engrossed that my original plan for reviewing the book, to read the first two sections and then pick a script out of each of the next 14, went out of the window and I devoured the whole book.

The authors (Dave Taylor and Brandon Perry) show a love and depth of knowledge of the subject that bursts out of the page.

The book has 16 sections, numbered from 0 to 15, that contain 101 example scripts (though for some reason the scripts aren’t zero-based) plus 3 extra scripts in the appendices. The introduction, chapter 0, hooked me straight off with a section that I wish I had had months ago when my work spun up new machines that were configured differently to the old ones. Many hours of frustration could have been avoided had I read ‘Configuring Your Login Script’, which contains the gem:

The login script will be .login, .profile, .bashrc or .bash_profile,
depending on your system. To find out which of these files is the 
login script, add a line like the following to each file:

echo this is .profile

My current day job has a variety of CLI tools written in Bash, Perl and Python. Before reading this book I wasn’t confident in modifying the old Bash scripts and would rewrite them in Perl or Python. Now I have more confidence and understanding.

Currently, I spend ~8 hours a day looking at a bash terminal on remote computers and am in the process of automating my work. Having this book by my side is making my life easier. With the port of Bash to Windows 10 more people will be wanting to know more about shell scripting, and this is the perfect book to start with.

Book Review: Python Crash Course


Python Crash Course:
A Hands-On, Project-Based Introduction To Programming

by Eric Matthes

no starch press
ISBN: 978-1-59327-603-4

no starch press is rapidly becoming one of my favourite tech publishers. This book is quite long but there isn’t much fat to trim. To find ~500 pages of useful technical information is a very difficult thing to do, and yet Eric and his editors have managed it.

This book is based on Python 3 but explains where Python 2.7 differs. The book is divided into two parts:

  • Part I: Basics
  • Part II: Projects
    • Project I: Alien Invasion
    • Project II: Data Visualisation
    • Project III: Web Applications

Full disclosure: I have only read Part I and have skimmed Part II for this review. When I have time I will go through the second part and write the code.

In each topic the author starts small and slowly builds on that part to show how to build better code. From:

def greet_user():
    """Displaying a simple greeting."""

to

def greet_user(username):
    """Displaying a simple greeting."""
    print("Hello, " + username.title() + "!")


explaining each line as you go. The explanations are really clear and it is now my go-to resource for explaining things when Stack Overflow is not clear.

Last week, I wrote my first Python class; though I have been playing with Python for a few years, I had never understood when and where to use a class. Over the next few weeks I expect I will be referencing the book more as I will be building more programs in Python.

I would recommend this book if:

    • like me, you have had no formal training in Python, or
    • like me, you have not encountered Python 3 before, or
    • you have to implement any of the projects!

Though the highest recommendation is that I will be lending it to my nephew, as he has been doing some Python courses at university. This book would make a great addition for any science student, because the future of much science is data analysis and Python is a great (free) tool for that.