Security Ripcord Friday Wrap-up 9/18/2009
Slow week, lots of programming. Gonna rain this weekend. Looks like we’ll be hanging out at the library and aquarium.
Leadership
During my bike ride on Monday I heard a blast from the past.
“Raise Your Voice” – Bad Religion
fa fa fafa fa fa fafa Raise Your Voice!
Don’t be played like someone else’s board game
Don’t be classed out like some desolate redoubt
Don’t be misled you’ve got a lot on your head
And nobody’s gonna pay attention when you are dead
So: fa fa fafa fa fa fafa Raise Your Voice!
It’s the primary rule, you gotta wanna be fooled
It’s our daunted restraint that keeps us silent in shame
It’s our nature to be adversarial and free
Our evolution didn’t hinge on passivity
fa fa fafa fa fa fafa Raise Your Voice!
Actually, the song from the album begins with the lead singer stating “I think this is a song we could redo in every language of every country we go to.” True. I think that every security professional can learn a little from these lyrics as well.
What role do security professionals play? Auditors, monitors, engineers? Actually, I think we are just members of the team fulfilling specific roles to keep our organization operating smoothly. But we cannot do so in silence. We cannot just push out reports, scan outputs, and presentations on how people and the organization should operate. These things are too easy to dismiss. No, we have to do the thing that some of us dread and many more people don’t want to happen. We need to “raise our voice.” We need to talk about the issues. Have open discussions that challenge the status quo. We need to confront common issues with new ideas and methods.
What do we accomplish when we are doing this? Are we trying to get our way no matter what the cost? No. We are trying to open minds and continuously adapt and evolve. We are verbally raising issues so that the conversations lift from the paper and actively carry on in other discussions. We are forcing people to actively observe the current situation, address our recommendations, accept or counter these recommendations, and improve themselves and the organization.
One trap that is easy to fall into, however, is thinking that we are always in the right. That our ideas are the correct direction. I challenge you to “raise your voice” while also keeping your mind open to new information and other possibilities. I challenge you to find a way to persuade those that don’t understand while also realizing that you may be one of those who does not have a clear vision of the full picture. I challenge you to be confident yet humble in your expertise and your efforts to improve your organization and yourself.
I challenge you to “raise your voice,” no matter who is in the room.
Training
No training developed this week. I did, however, take a few minutes to take last week’s quick tip on HBGary’s Fast Dump Pro and turn it into a training document for the rest of the analysts on my team. Although the tool is pretty easy to use, having an internal document for the tools that you don’t use on a regular basis is very helpful. It allows you to quickly re-familiarize yourself with the tool, and it helps train new personnel in the methodologies of the team.
How can you contribute to your team? Isn’t there something that you could quickly write up that would benefit everybody? If you don’t have that type of system in your team, would creating one help?
“Raise your voice.”
Quick Tip
You will need Mark Hammond’s pywin32 and Tim Golden’s wmi.py for this tip. Basically, I want to show you an easy way to get exactly the system information that you want. Win32_OperatingSystem gives you all of the basic system information, and using Tim’s method you can directly access the specific fields that you want. (WordPress strips leading whitespace, so I originally inserted periods to preserve Python’s indentation; my Python-structure OCD would not allow otherwise.)
import wmi

# Connect to the local machine's WMI service and print one property
# of each Win32_OperatingSystem instance (normally there is exactly one).
c = wmi.WMI()
for os in c.Win32_OperatingSystem():
    print(os.Caption)
But this means that you have to request each item individually. That is easy enough if you just want a few specific items. But what if you want more than a few bits of information? And what if Microsoft changes the information provided across Windows versions? You want to be sure that you can access the information that is there without the script failing on a property that is not.
To handle this I suggest using a tuple to hold the names of the fields provided by Win32_OperatingSystem. Then run through the tuple using hasattr and getattr to pull the information returned by your WMI call for Win32_OperatingSystem; a field that is missing on a particular system is simply skipped instead of raising an exception. Here is an example script. Of course you don’t have to include everything (as I have done here for clarity). You can select the fields that are most important to you. Or, you can include them all and comment out the ones you don’t want. That way they are easily added in the future when you discover a need.
import wmi

# Properties of the Win32_OperatingSystem WMI class to report on.
# Comment out the ones you do not need; anything not present on a
# given system is skipped by the hasattr check below.
Win32_OperatingSystem_Fields = (
    'BootDevice',
    'BuildNumber',
    'BuildType',
    'Caption',
    'CodeSet',
    'CountryCode',
    'CreationClassName',
    'CSCreationClassName',
    'CSDVersion',
    'CSName',
    'CurrentTimeZone',
    'DataExecutionPrevention_Available',
    'DataExecutionPrevention_32BitApplications',
    'DataExecutionPrevention_Drivers',
    'DataExecutionPrevention_SupportPolicy',
    'Debug',
    'Description',
    'Distributed',
    'EncryptionLevel',
    'ForegroundApplicationBoost',
    'FreePhysicalMemory',
    'FreeSpaceInPagingFiles',
    'FreeVirtualMemory',
    'InstallDate',
    'LargeSystemCache',
    'LastBootUpTime',
    'LocalDateTime',
    'Locale',
    'Manufacturer',
    'MaxNumberOfProcesses',
    'MaxProcessMemorySize',
    'MUILanguages',
    'Name',
    'NumberOfLicensedUsers',
    'NumberOfProcesses',
    'NumberOfUsers',
    'OperatingSystemSKU',
    'Organization',
    'OSArchitecture',
    'OSLanguage',
    'OSProductSuite',
    'OSType',
    'OtherTypeDescription',
    'PAEEnabled',
    'PlusProductID',
    'PlusVersionNumber',
    'Primary',
    'ProductType',
    'RegisteredUser',
    'SerialNumber',
    'ServicePackMajorVersion',
    'ServicePackMinorVersion',
    'SizeStoredInPagingFiles',
    'Status',
    'SuiteMask',
    'SystemDevice',
    'SystemDirectory',
    'SystemDrive',
    'TotalSwapSpaceSize',
    'TotalVirtualMemorySize',
    'TotalVisibleMemorySize',
    'Version',
    'WindowsDirectory'
)


class sysWMI():
    def __init__(self):
        # One connection to the local WMI service, reused for every query.
        self.wmiObj = wmi.WMI()

    def getSysInfo(self):
        # Collect every field the system actually provides; hasattr keeps
        # a property that is absent on this Windows version from raising.
        info = {}
        for inf in self.wmiObj.Win32_OperatingSystem():
            for field in Win32_OperatingSystem_Fields:
                if hasattr(inf, field):
                    info[field] = getattr(inf, field)
                    print(field + ": " + str(info[field]))
        return info


sysInfo = sysWMI()
sysInfo.getSysInfo()
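The script above covers the one class it was written for. The following is an added example, not code from the original post, that generalizes the same tuple-plus-getattr idea: the collector takes any WMI instance, records which requested properties were missing rather than just skipping them, and accepts the WMI connection as a parameter so the logic can be exercised offline with a constructed stand-in object. The FakeOS and FakeConnection classes and the two sample hosts are constructed test data and are not real WMI output; only the import of Tim Golden’s wmi module and the property names come from the original.

```python
"""Collect Win32_OperatingSystem properties defensively (added example)."""

# The wmi module only exists on Windows with pywin32 installed. Fall back to
# None elsewhere so the collection logic can still be imported and tested.
try:
    import wmi
except ImportError:  # assumption: not running on a Windows host with wmi.py
    wmi = None

# A short list of properties that give a security-relevant snapshot of a host.
WIN32_OPERATINGSYSTEM_FIELDS = (
    'Caption',
    'Version',
    'BuildNumber',
    'CSDVersion',
    'OSArchitecture',
    'DataExecutionPrevention_Available',
    'DataExecutionPrevention_SupportPolicy',
    'PAEEnabled',
    'LastBootUpTime',
    'InstallDate',
)


def collect_fields(instance, fields):
    """Return (present, missing) for the named properties of one WMI instance.

    getattr with a private sentinel default replaces the separate hasattr
    call and keeps the script running when a property does not exist on the
    system being queried; the missing names are reported instead of lost.
    """
    sentinel = object()
    present = {}
    missing = []
    for field in fields:
        value = getattr(instance, field, sentinel)
        if value is sentinel:
            missing.append(field)
        else:
            present[field] = value
    return present, missing


def collect_os_info(connection=None, fields=WIN32_OPERATINGSYSTEM_FIELDS):
    """Query Win32_OperatingSystem via `connection` (default: wmi.WMI())."""
    if connection is None:
        if wmi is None:
            raise RuntimeError("wmi module not available; pass a connection")
        connection = wmi.WMI()
    return [collect_fields(instance, fields)
            for instance in connection.Win32_OperatingSystem()]


class FakeOS(object):
    """Constructed stand-in for a WMI Win32_OperatingSystem instance."""
    def __init__(self, **props):
        for name, value in props.items():
            setattr(self, name, value)


class FakeConnection(object):
    """Constructed stand-in for wmi.WMI(); hands back the given instances."""
    def __init__(self, *instances):
        self._instances = instances

    def Win32_OperatingSystem(self):
        return list(self._instances)


# Constructed sample data (not captured from real systems): one host that
# lacks the DEP/PAE properties and one that exposes them.
OLD_HOST = FakeOS(Caption='Microsoft Windows 2000 Professional',
                  Version='5.0.2195', BuildNumber='2195',
                  CSDVersion='Service Pack 4')
NEW_HOST = FakeOS(Caption='Microsoft Windows 7 Professional',
                  Version='6.1.7600', BuildNumber='7600',
                  OSArchitecture='64-bit',
                  DataExecutionPrevention_Available=True,
                  DataExecutionPrevention_SupportPolicy=2,
                  PAEEnabled=False)


if __name__ == '__main__':
    # On a Windows host, call collect_os_info() with no argument instead.
    for present, missing in collect_os_info(FakeConnection(OLD_HOST, NEW_HOST)):
        for field in WIN32_OPERATINGSYSTEM_FIELDS:
            if field in present:
                print(field + ': ' + str(present[field]))
        if missing:
            print('not provided on this system: ' + ', '.join(missing))
        print('')
```

Returning the missing names alongside the values is the part worth keeping: when a property disappears or is renamed in a new Windows release, the report says so explicitly rather than silently shrinking.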
Personal Input
Happy Birthday #4, Collier!!! I love you, son. You are a great son and I am proud to be your father. Although sometimes I raise my voice TO you, I raise my voice FOR you everyday.
Go forth and do good things,
Don C. Weber
Help support my training and travel to security conferences. Get your SANS Training and GIAC Certifications through the Security Ripcord.