Home lab [jpg] [jpg] [jpg]
I am a Security Engineer for the National Center for Supercomputing Applications.
I have a great deal of interest in unix-like operating systems and information security, and most
specifically, intrusion detection, traffic analysis, and the practice of network security monitoring.
Through trial, error, and some good fortune, I've gradually developed an affinity for coding and have
been spending much of my free time improving.
I spend the other half of my leisure time dabbling in ideas and intellectual history, from social theory
and philosophy to political science and economic thought. I enjoy Sushi Sundays with my girlfriend, Haley,
...and I can play a mean game of volleyball.
classic version [pdf]
- Obtain Master's degree in Information Security
- Working knowledge of Scapy w/ Python
- Bro programming language w/ Bro-IDS
- Gain red team experience (help?)
- Study forensics, laws and
- Finish community docs for netsniff-ng
- Libpcap and socket programming in C
- Get ewhois-query shell script in working state
jonschipp.com - My personal page
sickbits.net - Southern Indiana Computer Klub (Founder)
dclinux.org [archive] [defunct on 08312013] - Dubois County Linux User Group (Founder)
Free and Open Source Contributions:
bro-scripts - Collection of Bro scripts I've written
pps - Prints PPS, BPS, and percentage of line-rate for a network interface.
mal-dnssearch - A malware host detection and prevention script that handles multiple logs
malcachesnoop - Defensive malware cache snoop shell script
metacapng-test - PCAP-NG Metadata recon tool in python *in progress*
ewhois-query - Shell script to query the ewhois database from the cmd-line
gencfg - A Trafgen configuration generation and syntax testing tool written in bash
netsniff-ng - Documentation and minor commits for a high performance suite of networking tools [html, etc]
securityonion - Enhancements for the popular NSM Ubuntu-based Linux distribution [html, html, html]
Intrusion Detection and Packet Analysis: Using Bro to Gain Network Visibility -- ITT-Tech, Newburgh, IN Oct 31, 2013 [pdf, txt, jpg]
Netsniff-NG Toolkit -- Hack3rcon^4 Oct 20, 2013 [youtube, mp4, ogv, pdf]
Netsniff-NG Toolkit -- Derbycon 2013 Sept 29, 2013 [youtube, pdf]
A Look at the Netsniff-NG Toolkit: A High Performance Suite of Networking Tools -- Midwest Open Source Software Conference, University of Louisville May 18, 2013
[html, pdf, png]
Intro to Network Traffic Analysis -- Hacker Hotshots, Concise Courses Feb 12, 2013 [html, youtube]
A PCAP Workshop -- Hack3rcon^3 Workshop Oct. 19-21, 2012 [html, [pt1:youtube, avi, mp4, ogv | pt2:youtube, avi, mp4, ogv], txt, odp, pdf] [video mirror]
- (Slides used in course, "Hacking Techniques and Intrusion Detection", Ali Al-Shemery, Assoc. Prof., Princess Sumaya University for Technology (PSUT))
An Introduction to Traffic Analysis: A Pragmatic Approach -- Marshall University, AIDE Conference May 21-25, 2012 [html, youtube, avi, mp4, ogv, odp, pdf] [video mirror]
FOSS for Unix Administrators -- Vincennes University, Jasper Campus 2011
What's Under Your Hood: Implementing A Network Monitoring System -- Hack3rcon 2 Oct. 21-23, 2011 [youtube, avi, mp4, ogv, ppt, pdf] [video mirror]
Dubois County Linux User Group Presentations:
Automated Distributed IDS w/ SecurityOnion -- DCLUG May 9, 2013 [html]
X11 forwarding w/ SSH -- Ibid.
XQuartz (X11 replacement) on OSX -- Ibid.
MacTex Distribution on OSX -- Ibid.
GeoIP w/ Wireshark -- Ibid.
Rpcapd (Windows) -- Ibid.
Intro. to Github -- Ibid.
Ewhois-query script -- Ibid.
Ninite application updater (Windows) -- Ibid.
Mandiant's Redline (Windows forensics) -- Ibid.
Cisco - Configure SPAN ports -- Ibid.
Wireless Hacking -- DCLUG Feb 3, 2013 [html]
Messing with PCAP's Containing Raw Wireless Traffic -- Ibid.
A look at LaTeX -- Ibid.
Writing Security Tools with Bash -- Ibid.
A Brief Look at the Linux Network Stack -- DCLUG November 4, 2012 [html]
A Detailed, High-Throughput /etc/network/interfaces configuration on Ubuntu Server -- Ibid.
Getting Things Done with awk/gawk -- DCLUG August 5, 2012 [html]
Netsniff-NG - a Performant Sniffer -- Ibid.
ifpps - Network Stats -- Ibid.
vnstat - A Console Based Traffic Monitor -- Ibid.
CPU Affinity and Interrupt Binding on SMP systems -- Ibid.
Primer on Shell programming with sh/bash -- Ibid.
A Look at a Production Sensor/NMS -- Ibid.
Interface/Network Stats on Linux ( ifpps, tcpstat, atsar ) -- DCLUG June 3, 2013 [html]
Network Stress Testing on Linux ( hping3, trafgen, iperf ) -- Ibid.
sed primer -- DCLUG April 8, 2012 [html]
Bash Editing Modes: vi and emacs -- Ibid.
Bash Globbing (expansion) -- Ibid.
htop - a better top -- Ibid.
A Brief Look at BPF Assembler -- Ibid.
Networking with Linux -- DCLUG December 4, 2011 [html]
Introduction to Moving Text Files Between Windows and the Unices: newlines, carriage returns, tr, sed, od, hexdump -- DCLUG November 16, 2013 [html, txt]
FreeBSD: sockstat -- Ibid.
Network Throughput Testing with iperf -- DCLUG October 2, 2011 [html]
An Introduction to PF -- DCLUG September 4, 2011 [html]
Remote Logging with syslogd -- Ibid.
Host Intrusion Detection with OSSEC -- Ibid. [odp]
Keeping Time with ntpd -- DCLUG August 7, 2011 [html, odp]
Remote Logging with syslogd -- Ibid.
(DNS) Transaction Signatures in BIND -- Ibid.
Using netstat - A Look into the Networking Subsystem -- Ibid. [txt]
Intro to GPG -- DCLUG April 3, 2013 [html, txt]
OpenSSH with Pub-Key Authentication -- Ibid. [odp]
Passwords in Depth: Hashing, Salting, Storage, and Attacks -- DCLUG February 6, 2011 [html, odp]
/home files -- DCLUG November 7, 2010 [html, odp]
smbclient/mount.cifs -- Ibid. [zip]
netcat -- Ibid.
Network Tools -- DCLUG October 3, 2010 [html, zip]
Working with Bro Logs: Queries by Example [html]
Creating a Minimal Bro Cluster [html]
NSM Sensor Perspectives - Examples of a Topology Map [html]
Snorby's Asset Manager - Convert and Upload /etc/hosts [html]
Packet Loss Under Light Load: Invalid Packets or Line Noise? [html]
OSX Live Memory Forensics with Volatility and MacMemoryze [html]
The Trafgen Expression Language [html]
ARGUS - Detecting Protocols on Non-Standard Ports with Flows [html]
Netsniff-NG (Ubuntu Community & Fedora Wiki) [html, html]
Extract an Attachment from a Phishing E-mail (eml) w/ base64 and sed [html]
Reading Multiple PCAPs - Header Dissection and a Little Cmd-Fu [html]
Extracting SSIDs from PCAPs - Multiple Methods [html]
TCPTrack - Simple TCP Connection Monitor [html]
Hack3rcon^3, The XRG - CTF Challenge #4 Solution - Decrypt PCAP (WEP), Extract file [html]
Case Study #1: Using Traffic Analysis to Investigate an IDS Alert [html]
The Pig Doktah - A Snort Performance Metric Tool [html]
Hack3rcon^3, The XRG - CTF Challenge #1 Solution - Analyze PCAP [html]
tcpdstat - a statistical data program and a compilation fix [html]
Query Interface Bandwidth via SNMP on Cisco Routers [html]
httpry - HTTP logging and information retrieval tool [html]
Mining networks for PII with ngrep [html]
PassiveDNS - Logging DNS requests [html]
APR (ARP Poison Routing) Detection [html]
Configuring a Network Monitoring System (Sensor) Ubuntu Server 12.04 ( Part 1. Interface Configuration ) [html]
netsniff-ng - a high performant packet sniffer [html]
tcpick - tcp stream sniffer and connection tracker [html]
tcpflow - a tcp/ip session reassembler [html]
iftop - finding traffic hogs [html]
tcpstat - Network Statistics [html]
Speedometer - A Graphic Network Throughput Tool [html]
Snort - Offline Analysis [html]
Interface down? - Alerts with ifpps [html]
ifpps - top-like network statistic tool [html]
Automated backups of a SonicWall NSA (or other device) w/ Expect [html]
Nipper - Firewall & Router Configuration Parser [html]
OSX Server - Automated backups of Open Directory [html]
OSX - Remote Logging /Library/Logs [html]
Introduction to Auditing on AIX [html]
OSX Keychain - Administration and Pseudo SSO [html]
Keeping Up With News: An Efficient Approach [html]
Finding Malware by DNS Cache Snooping or by Comparing BRO and PassiveDNS logs [html]
Creating an Anonymization Gateway (Middlebox) with Tor and OpenBSD 4.9 [html]
Creating a Hidden Management Network with IP Aliasing using Linux, FreeBSD, and OSX [html]
Log Query Examples w/ Splunk [html]
Bash Defensive Measures - Shell History & Logging [html]
Nmap & Ndiff: Detecting Compromised Hosts [html]
OSX 10.5-10.7 - Basic Security Settings [html]
SonicWall NSA - Log Reviews with grep [html]
Understanding Passwords Part 1: Theory, Hashing, and Salting [txt]
Understanding Passwords Part 2: Attacks by Example [txt]
IP Options: RR, SSRR, LSRR [txt]
Notes on Network Scanning [txt]
Hack3rcon -- Capture the Flag Winner -- Black Badge Recipient 2010
Daniel Borkmann - "Linux' packet mmap(), BPF, and the netsniff-ng toolkit", Dev Conf, Czech Republic [youtube]
Chad Robertson - Volatility Documentation Project [html]
Conferences & Workshops Attended:
The International Conference for High Performance Computing, Networking, Storage, and Analysis 2013
2013 NSF Cybersecurity Summit for Cyberinfrastructure and Large Facilities
Bro Exchange 2013
Midwest Open Source Software Conference 2013
Louisville Information Security Commonwealth Conference 2013 [html]
Appalachian Institute of Digital Evidence Conference 2013 [html]
Appalachian Institute of Digital Evidence Conference 2012
Appalachian Institute of Digital Evidence Conference 2011
ISSA Password Exploitation Class (Louisville)
Louisville Metro InfoSec Conference 2008
Louisville Metro InfoSec Conference 2009
HFC Metasploit Workshop (Louisville)
HFC Metasploit Workshop (Cincinnati)
Ohio Linux Fest 2009
Ohio Linux Fest 2010
I'm interested in consulting opportunities in the following areas:
- Network and Host Intrusion Detection e.g. Snort, Bro, OSSEC, etc.
- Building performant PCAP recording machines.
- Implementing logging solutions for indexing and storage.
- Network security administration e.g. firewalls, proxies, spam filters, etc.
- Penetration tests and vulnerability assessments
- Server administration for Linux, FreeBSD, OpenBSD, OSX, and other unices.
I will consider other projects depending on their uniqueness and nature.
If you would like to complete a project with me, send me an e-mail about it and we can discuss it further.
jonschipp [(at)] gmail dot com (main)
jonschipp [(at)] jonschipp dot com