Targeted personal attacks


Sometimes hackers can do more good in local communities and civil society than agitating about national policy.

On the importance of foundational texts


Every field of study has a set of foundational texts. They may not reflect the state of the art in modern times, but students and practitioners in a given field generally need at least a passing familiarity with them to claim any significant exper...

Understanding honeypots on two axes


With the release of Modern Honey Network by our friends at ThreatStream, lots of folks have started to pay attention to honeypots as a data source again. Traditionally, we have classified honeypots based on their level of interaction. Low-interact...

Maximum likelihood decoding in Python


In fulfillment of one of my 2015 goals, I started reading A Book of Abstract Algebra by Charles Pinter this year. Reading a math book isn't the same as reading most prose. You have to engage with the text in a different way, doing at least as ...

Tech goals for 2015


In preparing for battle, I have always found that plans are useless but planning is indispensable. - President Dwight Eisenhower

Reviewing 2014 tech goals


A little over a year ago, I wrote about my tech goals for 2014. Before writing new ones, I should review how things went last year.

Incident Patterns


Today, Kevin Thompson and I presented at the SANS DFIR Summit on patterns of incident types found within the VERIS Community Database. Our research focused first on identifying interesting patterns within the data set, then examining those pattern...



Combining two of my oldest hobbies (gaming and coding), tries to list as many coding and security "games" as possible. This also includes programming challenges and contests, like Project Euler.

Handling URLs in Python with a wrapper function


Now for a break from Project Euler... In my projects, I find myself frequently retrieving URLs from various servers. Sometimes I need to call a REST API endpoint and other times I need to scrape a site. And like a lot of programmers, I don't l...

2014 Tech goals


While the calendar will flip in a few days, I've had some time off and and naturally have spent some time thinking about the future. What do I want to learn and improve in my technical skills over the next year or so? Most of the following can...