Jon Schipp

This web page is a deliberately simple attempt to document my achievements and work to serve as a reference for myself, family, colleagues, clients, and employers.




Home lab [jpg] [jpg] [jpg]

About:

I'm a Security Engineer for the National Center for Supercomputing Applications and a part-time IT consultant.
I have a great deal of interest in unix-like operating systems and information security, and most
specifically, intrusion detection, traffic analysis, and the practice of network security monitoring.
Through trial, error, and some good fortune, I've gradually developed an affinity for coding and have
been spending much of my free time improving.

I spend the other half of my leisure time dabbling in ideas and intellectual history, from social theory
and philosophy to political science and economic thought. I enjoy trying new foods and playing volleyball.



Resume/CV:

classic version [pdf]

Current Goals:

Websites:

jonschipp.com - My personal page
sickbits.net - Southern Indiana Computer Klub (Founder)
open-nsm.ncsa.illinois.edu - Open Network Security Monitoring Group (Founder)
dclinux.org [archive] [defunct on 08312013] - Dubois County Linux User Group (Founder) [pdf, pdf, pdf, pdf, pdf]

Free and Open Source Contributions:

nagios-plugins - Collection of Nagios plug-ins I've written
vagrant - Vagrant configurations I've created
bro-scripts - Collection of Bro scripts I've written
pps - Prints PPS, BPS, and percentage of line-rate for a network interface.
mal-dnssearch - A malware host detection and prevention script that handles multiple logs
malcachesnoop - Defensive malware cache snoop shell script
metacapng-test - PCAP-NG Metadata recon tool in python *in progress*
ewhois-query - Shell script to query the ewhois database from the cmd-line
gencfg - A Trafgen configuration generation and syntax testing tool written in bash
netsniff-ng - Documentation and minor commits for a high-performance suite of networking tools [html, etc]
securityonion - Enhancements for the popular NSM Ubuntu-based Linux distribution [html, html, html, html, html, html, html, html]

Presentations:

Intrusion Detection and Packet Analysis: Using Bro to Gain Network Visibility -- ITT-Tech, Newburgh, IN Oct 31, 2013 [pdf, txt, jpg]
Netsniff-NG Toolkit -- Hack3rcon^4 Oct 20, 2013 [youtube, mp4, ogv, pdf]
Netsniff-NG Toolkit -- Derbycon 2013 Sept 29, 2013 [youtube, pdf]
A Look at the Netsniff-NG Toolkit: A High Performance Suite of Networking Tools -- Midwest Open Source Software Conference, University of Louisville May 18, 2013
[html, pdf, png]
Intro to Network Traffic Analysis -- Hacker Hotshots, Concise Courses Feb 12, 2013 [html, youtube]
A PCAP Workshop -- Hack3rcon^3 Workshop Oct. 19-21, 2012 [html, [pt1:youtube, avi, mp4, ogv | pt2:youtube, avi, mp4, ogv], txt, odp, pdf] [video mirror]
- (Slides used in course, "Hacking Techniques and Intrusion Detection", Ali Al-Shemery, Assoc. Prof., Princess Sumaya University for Technology (PSUT))
An Introduction to Traffic Analysis: A Pragmatic Approach -- Marshall University, AIDE Conference May 21-25, 2012 [html, youtube, avi, mp4, ogv, odp, pdf] [video mirror]
FOSS for Unix Administrators -- Vincennes University, Jasper Campus 2011
What's Under Your Hood: Implementing A Network Monitoring System -- Hack3rcon 2 Oct. 21-23, 2011 [youtube, avi, mp4, ogv, ppt, pdf] [video mirror]

UIUC ACM Linux User Group Presentations:

Linux From Scratch series -- March - May 2014
Creating Vagrant Environments -- March 2014
Introduction to Linux Networking -- February 2014
Awk Primer -- February 2014

Dubois County Linux User Group Presentations:

Automated Distributed IDS w/ SecurityOnion -- DCLUG May 9, 2013
X11 forwarding w/ SSH -- Ibid.
XQuartz (X11 replacement) on OSX -- Ibid.
MacTex Distribution on OSX -- Ibid.
GeoIP w/ Wireshark -- Ibid.
Rpcapd (Windows) -- Ibid.
Intro. to Github -- Ibid.
Ewhois-query script -- Ibid.
Ninite application updater (Windows) -- Ibid.
Mandiant's Redline (Windows forensics) -- Ibid.
Cisco - Configure SPAN ports -- Ibid.
Wireless Hacking -- DCLUG Feb 3, 2013
Messing with PCAP's Containing Raw Wireless Traffic -- Ibid.
A look at LaTeX -- Ibid.
Writing Security Tools with Bash -- Ibid.
A Brief Look at the Linux Network Stack -- DCLUG November 4, 2012
A Detailed, High-Throughput /etc/network/interfaces configuration on Ubuntu Server -- Ibid.
Getting Things Done with awk/gawk -- DCLUG August 5, 2012
Netsniff-NG - a Performant Sniffer -- Ibid.
ifpps - Network Stats -- Ibid.
vnstat - A Console Based Traffic Monitor -- Ibid.
CPU Affinity and Interrupt Binding on SMP systems -- Ibid.
Primer on Shell programming with sh/bash -- Ibid.
A Look at a Production Sensor/NMS -- Ibid.
Interface/Network Stats on Linux ( ifpps, tcpstat, atsar ) -- DCLUG June 3, 2013
Network Stress Testing on Linux ( hping3, trafgen, iperf ) -- Ibid.
sed primer -- DCLUG April 8, 2012
Bash Editing Modes: vi and emacs -- Ibid.
Bash Globbing (expansion) -- Ibid.
htop - a better top -- Ibid.
A Brief Look at BPF Assembler -- Ibid.
Networking with Linux -- DCLUG December 4, 2011
Introduction to Moving Text Files Between Windows and the Unices: newlines, carriage returns, tr, sed, od, hexdump -- DCLUG November 16, 2013 [txt]
FreeBSD: sockstat -- Ibid.
Network Throughput Testing with iperf -- DCLUG October 2, 2011
An Introduction to PF -- DCLUG September 4, 2011
Remote Logging with syslogd -- Ibid.
Host Intrusion Detection with OSSEC -- Ibid. [odp]
Keeping Time with ntpd -- DCLUG August 7, 2011 [odp]
Remote Logging with syslogd -- Ibid.
(DNS) Transaction Signatures in BIND -- Ibid.
Using netstat - A Look into the Networking Subsystem -- Ibid. [txt]
Intro to GPG -- DCLUG April 3, 2013 [txt]
OpenSSH with Pub-Key Authentication -- Ibid. [odp]
Passwords in Depth: Hashing, Salting, Storage, and Attacks -- DCLUG February 6, 2011 [odp]
/home files -- DCLUG November 7, 2010 [odp]
smbclient/mount.cifs -- Ibid. [zip]
netcat -- Ibid.
Network Tools -- DCLUG October 3, 2010 [zip]

Television:

ITT-Tech Commercial -- Nationwide March 2014 [mov, wmv]

Articles:

Creating a Personal Privoxy/Tor/Proxy EC2 Instance [html]
CHECK_NRPE: ERROR - Could Not Complete SSL Handshake [html]
SecurityOnion - Connecting to Sguild [html]
Nagios Configuration Tips and Tricks: Shell Edition [html]
SecurityOnion - Moving the MySQL databases [html]
Tuning Snort Rulesets with Bro Data [html]
Nagios Deployment Automation Tips and Tricks [html]
Intelligence Data and Bro [html]
Automate Patch E-mails with Git Hooks [html]
Working with Bro Logs: Queries by Example [html]
Creating a Minimal Bro Cluster [html]
NSM Sensor Perspectives - Examples of a Topology Map [html]
Snorby's Asset Manager - Convert and Upload /etc/hosts [html]
Packet Loss Under Light Load: Invalid Packets or Line Noise? [html]
OSX Live Memory Forensics with Volatility and MacMemoryze [html]
The Trafgen Expression Language [html]
ARGUS - Detecting Protocols on Non-Standard Ports with Flows [html]
Netsniff-NG (Ubuntu Community & Fedora Wiki) [html, html]
Extract an Attachment from a Phishing E-mail (eml) w/ base64 and sed [html]
Reading Multiple PCAPs - Header Dissection and a Little Cmd-Fu [html]
Extracting SSIDs from PCAPs - Multiple Methods [html]
TCPTrack - Simple TCP Connection Monitor [html]
Hack3rcon^3, The XRG - CTF Challenge #4 Solution - Decrypt PCAP (WEP), Extract file [html]
Case Study #1: Using Traffic Analysis to Investigate an IDS Alert [html]
The Pig Doktah - A Snort Performance Metric Tool [html]
Hack3rcon^3, The XRG - CTF Challenge #1 Solution - Analyze PCAP [html]
tcpdstat - a statistical data program and a compilation fix [html]
Query Interface Bandwidth via SNMP on Cisco Routers [html]
httpry - HTTP logging and information retrieval tool [html]
Mining networks for PII with ngrep [html]
PassiveDNS - Logging DNS requests [html]
APR (ARP Poison Routing) Detection [html]
Configuring a Network Monitoring System (Sensor) Ubuntu Server 12.04 ( Part 1. Interface Configuration ) [html]
netsniff-ng - a high performant packet sniffer [html]
tcpick - tcp stream sniffer and connection tracker [html]
tcpflow - a tcp/ip session reassembler [html]
iftop - finding traffic hogs [html]
tcpstat - Network Statistics [html]
Speedometer - A Graphic Network Throughput Tool [html]
Snort - Offline Analysis [html]
Interface down? - Alerts with ifpps [html]
ifpps - top-like network statistic tool [html]
Automated backups of a SonicWall NSA (or other device) w/ Expect [html]
Nipper - Firewall & Router Configuration Parser [html]
OSX Server - Automated backups of Open Directory [html]
OSX - Remote Logging /Library/Logs [html]
Introduction to Auditing on AIX [html]
OSX Keychain - Administration and Pseudo SSO [html]
Keeping Up With News: An Efficient Approach [html]
Finding Malware by DNS Cache Snooping or by Comparing BRO and PassiveDNS logs [html]
Creating an Anonymization Gateway (Middlebox) with Tor and OpenBSD 4.9 [html]
Creating a Hidden Management Network with IP Aliasing using Linux, FreeBSD, and OSX [html]
Log Query Examples w/ Splunk [html]
Bash Defensive Measures - Shell History & Logging [html]
Nmap & Ndiff: Detecting Compromised Hosts [html]
OSX 10.5-10.7 - Basic Security Settings [html]
SonicWall NSA - Log Reviews with grep [html]
Understanding Passwords Part 1: Theory, Hashing, and Salting [txt]
Understanding Passwords Part 2: Attacks by Example [txt]
IP Options: RR, SSRR, LSRR [txt]
Notes on Network Scanning [txt]

Awards:

Hack3rcon -- Capture the Flag Winner -- Black Badge Recipient 2010

Certificates:

Learn to Program: The Fundamentals - 2013 - Coursera, University of Toronto [pdf]
CompTIA A+ Certification - 2007 [pdf]
CompTIA Network+ Certification - 2009 [pdf]
CompTIA Linux+ Certification - 2009 [pdf]
CompTIA Security+ Certification - 2010 [pdf]
Wireshark Certified Network Analyst (WCNA) - 2013 [png]
GIAC Intrusion Analyst Certification (GCIA) - 2014 [tif]

Mentions:

Daniel Borkmann - "Linux' packet mmap(), BPF, and the netsniff-ng toolkit", Dev Conf, Czech Republic [youtube]
Chad Robertson - Volatility Documentation Project [html]
SecurityOnion - "Documentation Team" [html]

Conferences & Workshops Attended:

B-Sides Cincinnati 2014
Pittsburgh Supercomputing Center's OpenACC GPU Programming Workshop 2014
The International Conference for High Performance Computing, Networking, Storage, and Analysis 2013
Hack3rcon 4
2013 NSF Cybersecurity Summit for Cyberinfrastructure and Large Facilities
Derbycon 2013
Bro Exchange 2013
Midwest Open Source Software Conference 2013
Louisville Information Security Commonwealth Conference 2013 [html]
Appalachian Institute of Digital Evidence Conference 2013 [html]
Appalachian Institute of Digital Evidence Conference 2012
Appalachian Institute of Digital Evidence Conference 2011
ISSA Password Exploitation Class (Louisville)
Louisville Metro InfoSec Conference 2008
Louisville Metro InfoSec Conference 2009
HFC Metasploit Workshop (Louisville)
HFC Metasploit Workshop (Cincinnati)
Ohio Linux Fest 2009
Ohio Linux Fest 2010
Derbycon 2012
PhreakNIC 14
Hack3rcon 1
Hack3rcon 2
Hack3rcon^3
Notacon 6
Notacon 7
Shoecon

Need Help?:

I'm interested in consulting opportunities in the following areas: I will consider other projects depending on their uniqueness and nature.
If you would like to complete a project with me, send me an e-mail about it and we can discuss it further.

I have a reduced, negotiable, and affordable rate for small businesses: $50-80/hr.

Music:


Promo pics: [jpg] [jpg]

I played guitar in a part-time touring metal band called The Win System in late high school through early college.
All our music is freely available below.

30 Seconds or Less E.P. - 11-2006 [zip (m4a), zip (mp3)]

Vocals - Jeremiah Daniels
Guitar - Dustin Biggs
Guitar - Jon Schipp
Bass - Jared Miller
Drums - Jason Hitt

Steaksauce Meltdown E.P. - 07-2007 [zip (m4a), zip (mp3)]

Vocals - Matthew LeClere
Guitar - Dustin Biggs
Guitar - Jon Schipp
Bass - Justin Beard / Justin Ambrose
Drums - Jason Hitt

Demos - Assorted

Vocals - Matthew LeClere
Guitar - Dustin Biggs
Guitar - Jon Schipp
Bass - Justin Ambrose / Jared Miller
Drums - Jason Hitt

Contact, Misc:

jonschipp [(at)] gmail dot com (main)
jonschipp [(at)] jonschipp dot com
irc.freenode.net #sickbit
twitter.com/jonschipp @JonSchipp
goodreads.com/jonschipp
facebook.com/jonschipp
github.com/jonschipp
KC9SKH