Category Archives: Uncategorized

In memory of Paul Mason

It is with regret that I am writing this because the world has lost a bright light. This page lists the stories people volunteered about Paul. Mainly from InfoSec Twitter but all sorts of lovely people who knew Mr Mason managed to find me. They are included and very welcome.

If you are reading this and you want to add to the list you can use the comments if you prefer, or I will still take them over Twitter if you have that. The intent is that these will be combined and used to produce a photo album or book for his parents.

There will be an effort to remember Paul at the next Glasgow Defcon on Tuesday 1st of September via Discord/Twitch. As Paul was all about sharing knowledge there will be a talk scheduled and then a virtual “wake” after the event where people can share stories. You are all welcome.

Lisha Sterling/@lishevita

Andy Gill/@ZephyrFish

Robert a.k.a Rab Ray

Spoken poetry for 2 hours.

Paul Ritchie/@cornerpirate

One of the many things that I thank @PMason00 for is the insanely generous gift of a travel guitar that he gave me after work took us away for a ski trip.

I got it out and have given it a bash here it sounds great for a wee guitar.

Neither of us wanted to ski. So we had planned a bunch of things to do ranging from lock picking to rocking the hotel to its core.

He handed me this wee travel guitar at Glasgow airport and I think he had some other instrument with him I honestly forget what. We go to check-in and the extremely low budget airline was kicking off about instruments and bags. He frankly charmed the pants off the lady behind the desk.

Said we were a band and had been booked to play a hotel. They had booked our flight and, stupidly, forgot we would need instruments! Then bosh we were checked-in without paying a penny both with an instrument case over the allowance. Witchcraft I tell you. Witchcraft. 

The rest of the company were off skiing. But we were sharing a room. For us it was two days of absolute chillaxing. Up for breakfast, back for a snooze.

Then afternoons were spent passing this guitar around playing songs and talking about all kinds of things. To set this in time we stopped to watch Trump’s inauguration on CNN at one point. 

I tried to hand the guitar back to him at Glasgow airport. He said something like:

“No man you keep her. Take care of her she seems to like you”.

He stubbed out a cigarette and was off in a taxi while I tried to process the insane generosity of that action.

I installed it as the office guitar. Which @longjonsouza said “brought the promise of music” to us.

I was going in two days a week back then and I made sure I was in early to belt out songs before 8:30am. If I was stressed I would break it out. I would also infamously play it during job interviews from that point on. I think @__shabab__ was the only one to survive the new more rigorous application process.

Look if you cannot crack a password while someone plays the Mario theme badly at you are you even a hacker? This guitar has now survived my house move and it sits in my new dedicated office room right next to me.

Part of moving to a house with a garden came with a picture in my head of me and Paul sitting out there playing songs and relaxing as the summer sun toddles off to the west.

Instead as I stood out there for the first time as the owner of the place I got the call from his father breaking the sad news. While I won’t be out there with him. I will be playing his beaten and much loved travel guitar.

Don’t worry Paul I am taking good care of her.

Love you. 

Clare Cavanagh/@Clarecav01

Stefano Sesia/@StefanoSesia

Lewis Binnie/@LewisBinnie1

Daniel Dresner/@DanielGDresner

Cooper/@Ministraitor

Campbell Murray/@zyx2k

James Hemmings/@MrJamesHemmings

d4n_tweets

Josh Fraser/@jishf

Steve Porter/@SteveDPorter

Jon/@Candlelands

Miguel Marques/@z0mbi3

Lorenzo

“Paul and I were colleagues. Even though we parted ways, I’ll always remember him for the little time we shared together. How he showed up at a customer meeting once wearing just everyday clothes, proudly stating (and I quote) ‘he would never wear a suit again because he has been a teacher and had had enough of that’. And then he brought to the table the most amazing and interesting stories and managed to “connect” with people and just made everything great while showing the same customer a degree of knowledge, professional attitude and passion that I’ve seldom seen elsewhere. Immediately, no matter who they were, no matter their background or language or stance in life, he just made friends.

When he talked – and he could talk a lot! – he absolutely captivated the audience like no one. Even in a crowd of hundreds, you could always feel he was talking to you and to you alone.

He helped – always, at any time, without asking too many questions when questions were a nuisance. He was always there. Always. He just .. gave freely and never, ever asked for anything back. He showed me what it means to enjoy a conversation, to be proud of what you do and find the fun side in everything. He made me laugh to the point of crying, even though English isn’t my first language. He talked about his family at times, especially his dad, about his life and achievements and funny stories and I wish we could have had that famous beer and listen to more.

I’ll always remember him. In some small but meaningful ways he changed my life when I switched careers and moved onto the cyber security side of things. He believed in me so much, and I think I made him a little bit proud.

I’m pouring myself a whisky now, and my thoughts are for all the people whose life he steered in better directions. I’m sure there’s more than he could imagine; I hope others will reach out to you to show how proud you should be of him.

My sincerest condolences.”

Youri Van Der Zwar/@yourniz

Paul Fennell/@Digit4lbytes

John A Ferguson/@jafwords

I’ve known him for 15 years. I loved his take on the world and loved his wisdom. We taught together and as much as he left that world of secondary teaching behind him I know that he made a massive difference.

The children that Paul taught loved him. He was a phenomenal English teacher and helped shape the lives of so many young people. The pupils looked up to him and respected him. He was forward thinking and helped shape some of the ways we teach that many will just take for granted now.

He was a champion of interdisciplinary learning, allowing pupils to see the link between all of the subject areas found in school.

What cyber security gained, we definitely lost in education and it was a huge loss. The pupils who had Paul as a teacher will remember him fondly, and his friends who taught with him will miss him deeply.

Infospectives/@trialByTruth

Callum/@dangerwank

Tallulah/@tallulahjc

Giovanni Interi

I first met Paul at a company meeting where he delivered a fantastic talk about education and IT security I was impressed at his vast knowledge both technical and human.

We worked in the same company for a while, not on same projects however, and had opportunities to exchange very interesting conversations. What was transpiring always from being in contact with Paul was … his BIG HEART. Even when he wasn’t happy with someone or some situation. He really had time for everyone, would discuss any subject and would respect different views, and choices. When he expressed his, Paul was always able to explain clearly and unequivocally.

On one of the ski trip mentioned in these memories he was so attentive to the trip companions and also to the other passengers on the plane close to us. I remember he started talking to a Jewish passenger (distinguishable by his traditional clothing and looks) with a genuine interest of their life and faith and showed a solid historical and contemporary knowledge of their lifestyle and traditions. That particular chat impressed me particularly as it highlighted his openness and respect of all walks of life.

One particular moment of that trip was snapped in a ‘friendly’ snooze in the smoking room of the Hotel where we were staying:

A pile of Paul’s (Paul Mason, Paul Johnstone)

Thank you Paul! Rest in peace!

Gio

Teaching Moments

Hello all,

2019 was a total washout. 2020 cornerpirate started doing things differently. By taking positive actions (as you can see from the “Captain’s Log” monthly series). A summary where I track the good and the bad that happened in a month.

The departure from the cyber security focus of this blog was a decision I wrestled with, but I simply needed to vent that stuff somewhere to make myself accountable to erm.. well, myself really.

Part of my positive actions schtick meant I saw a need for a speaker for Glasgow Defcon (DC44141) in February and grabbed it. This was me getting off the bench and trying to pass on knowledge to anyone who wanted to listen.

This has resulted in the TeachingMoments repository over on GitHub. Nothing unique about it. Just another voice in the whole wide Cyber Security community trying to help. Free of charge and available for you to play with.

Motivated and on the ball for 2020.

Take care, and share whatever you know.

Hindsight is 2020 – When 2019 didn’t happen

This is a post to myself really. One where I want to whinge once to get it out of my head and then stick the marker down for how we just skip over 2019 in my history so that it didn’t really happen. Not doing this for sympathy I am just looking to get it out of my head and really the focus is on the positives at the end. This post is an open diary entry I can come back to later.

Physical Health

Rewind to Christmas Eve 2018 and I was sat in an empty GP waiting room looking at the “get your flu vaccine here” posters, pondering whether it was unseemly to have a crack at that toy abacus while nobody was looking. Trying to keep my mind off speculating on the results to blood tests taken a few weeks before. I had never been asked to come in for test results previously so presumed it meant something.

I had gone in due to persistently low energy levels where I literally couldn’t stay awake beyond 2pm. The Dr had asked about my lifestyle and stopped at how old my kid was and chalked it up to lack of sleep.”Get more sleep” I was advised. Pretty challenging to achieve when a kid screams to see you every hour throughout the night. Any-who.. It felt like a fair cop as they say and so I had already resolved to sleep more by that point.

I shuffled in to meet probably the 9th different GP in a row to get told I had my first disease of old age. Gout! Nothing serious but they wanted to put me on a pill from that day until the day I die. To me that felt a bit premature since it seemed you could probably treat yourself with the usual alterations to your lifestyle: lose weight, drink less booze, and drink more water.

I walked out without the prescription resolved to make those simple changes first. From the day after boxing day onward I climbed that mountain of walking ten thousand steps a day. I maintained that for months. If anyone saw me for work during that period I was literally pacing in meetings and drinking water like it was going out of fashion. The results added up pretty quickly and I even celebrated needing an entirely new wardrobe because my trousers were all about to slough off in a most unseemly manner!

Then the bad luck kicked in as spring got into full swing. A run of weeks out of the game due to infections turned into months where I was unable to leave the house and I went stir crazy. During the hottest week of the year, you were probably outside having a lovely time. I was spiking a crazy fever and finding it impossible to stay hydrated.

All of this was unrelated to my diagnosis but it definitely triggered me to accept the medication at the next opportunity. I just did not want to be stuck in a bed any longer so that I could ultimately continue with the exercise and behaviour changes that had been working for the first few months of 2019. If gout kicks off you get 2 weeks in bed and in agony so going on the medication was supposed to reduce the risk of it. Sign me up I said!

I got put on the magic pill but the GP neglected to put me on an industrial strength anti-inflammatory and had not stated I needed to even take ibuprofen along with it. They said “take Ibuprofen for 2 weeks BEFORE starting the pill”.

I read up about my new medication and know that once you start it you do not stop for any reason other than a Dr saying so. It is the kind of thing that takes ages to build up into your system and comes with a shopping list of side effects until your body can cope with it.

By the time I presented to my 10th new GP in a row to ask about the side effects I had been stuck in bed for a further 10 days as a result of the medication triggering a monumental attack of gout. I could barely stand by the time I hobbled round the corner and the GP almost broke professional courtesy to go yell at the last guy I had spoken to for NOT prescribing an anti-inflammatory at the same time. I got the feeling if I was in the US they would assume a lawsuit for such a failure.

I said “don’t yell at him. But strongly remind them to not do that ever again and tell him it was an absolute living nightmare”. I believe that mistakes are learning opportunities and fortunately I came through it unscathed.

Holidays

In 2019 we had four holidays paid for and planned. We have not left the country in years but we booked a holiday a long time ago. Guess what? It was the week BREXIT was originally scheduled to happen. We booked before article 50 was dropped. Not wanting to be stuck in any chaos when an opportunity presented itself to cancel free of charge we took it. Then the deadline moved and we could have gone unimpeded. Oh how we regretted that since I think it was before the run of infections kicked in. How different 2019 might have been.

The next holiday was booked for a caravan park near Edinburgh. Guess what? A massive weather warning for travel came into force for the day we needed to drive there and was going to cover the entire period. It was unlikely that any of the events were going to be on due to the weather. So in a last minute call we didn’t bother leaving home. Why take children to a place with less to do than their own house to sit and listen to rain hitting the roof of a caravan? Logical, but no refunds possible.

We drove to Stonehaven in July. Everyone else in my family was sick for the duration. I was fine for once in the entire summer, but nobody else was. We were stuck in an airbnb seemingly designed to torment:

  • DVD player built into TV with a disk jammed inside. Pride and prejudice was likely the culprit if that helps make it worse somehow?
  • Freeview box capable of hundreds of channels but not CBBC or CBEEBIES.
  • An endless supply of massive flies just bumbling about inside the property at all times. Escort them outside and back in they came through some unknown means.

Devoid of ways to entertain sick kids it was perhaps not the relaxation I was hoping for :D.

In possibly the low point of the year I went outside with my acoustic guitar to sit in the garden and play. We don’t have a garden at home. The big selling point of Stonehaven was to have the outside space to play about in and maybe get some family over for a BBQ. I was determined to at least sit in the garden and play some songs. So when my nursing duties lulled I eagerly bowled outside.

I was in danger of having a moment of joy in 2019! I was on holiday. Nobody was yelling for attention. The sun was baking me outside and I had a guitar. One or two songs in a seagull shit all over me, all over the guitar, and it will never not smell like shitty fish again. Good game 2019 you absolute bastard!

Next up. The holiday we had out of obligation going to America to see the sister in law get married. Love the sister in law, she is a class act. But we knew this one was going to be an absolute nightmare with long haul flights, children, and the general procedure for 2019 being a bastard. Guess what? There was a BA strike… Oh absolutely guys. Yeah you can get there but you’ll be stuck in the USA. Want us to refund the entire thing?

Stuck in the endless cycles of telephoning them to sort us out we came pretty close to just taking the refund and making apologies. They found us an alternative route back which was going to be a bit worse than the original itinerary but YOLO lets actually go on a holiday we have paid for this year.

The flights were awful. The sleep patterns for the kids were thoroughly wrecked. We return back with a sick child diagnosed with Croup by the NHS. “Croup”, a disease which sounds so Victorian you think it might come with a moist sponge base. It was no laughing matter and several days of recovery were required.

In summary all the holidays were an absolute nightmare and no relaxation was achieved.

Mental Health

I have had a few struggles with burnout during my career. It absolutely happens folks. I have been pretty good at spotting it happening and taking action so it hasn’t happened for several years. But due to a mix of physical health and hilariously bad attempts at relaxation 2019 was the year to finally break me again.

As summer flipped to winter and the clocks went back the youngest kid just stopped going to bed anywhere near bedtime. Consistently. Night after night after night after night. It went on and on and only just started to get better now over the Christmas holidays. Instead of going to bed for several hours at 8pm they would now not even entertain sleep until 11pm. Then only in hourly chunks before waking up for reassurance.

There is a reason sleep deprivation is part of interrogation techniques. You have no defences once you are routinely starved of sleep. Since November/December I was fluctuating pretty near collapse with the lack of sleep. We were hiring baby sitters just to get some sleep it was really that bad.

It has triggered a series of panic attacks which are just absolutely exhausting in themselves. If you have never experienced one then you are pretty lucky. I would not recommend them or wish one on even a mortal enemy.

It is like the moment when you survive a road traffic accident only you are probably just sitting on a train and everything is fine. A surge of adrenaline to allow you to take flight or fight some unknown crisis. Your heart rate goes right up, you feel a tightening in your chest where you start to think “ok well, I am dying now at least I lived a good life full of love and tried to help”.

The first couple of these happened several years ago but I took action then and they went away. Turns out I can look forward to these whenever I am overly stressed and unable to sleep for a protracted period of time too.

Imagine living in a state where you constantly think about your own mortality like it is going to end momentarily. But it isn’t. You have the heart of an Ox and it isn’t actually broken. That is where long chunks of December have been spent in my head. It is also true that I am now much much better at coping with them. I can alter the dialogue in my mind. Centre myself and recover from it. Still they are pretty exhausting.

As anticipated the Christmas hiatus has given me space from work and a bit of relaxation. I have been able to get some extra sleep, spend time with the wife, play with the kids etc. It has been the tonic I needed to start sorting things out.

What of 2020 then?

I know I need to attack the causes of stress in my life to improve on 2019. Post Christmas day I have already started re-implementing the new behaviours which I started back in January 2019:

  • Walking 10k steps every day – so far so good.
  • Going to bed way earlier than I used to – so far so good.
  • Getting actual respite on weekends – meaning childcare on Saturdays and Sundays so that alone time and time with the wife becomes possible.
  • Indulging hobbies which are away from the screen – now that I am walking again I am going to try the audiobook and podcasts malarky. I purchased a yamaha keyboard before Christmas and can now do you several songs playing the chords. Lots of fun doing that.
  • Stay hydrated – it is medically required now to drink tonnes of water!
  • Reduce the booze – I always feel better when I take whole months off anyway. Since kids came around I haven’t really been out raging it large anyway :D. But, reducing calories in at the same time as creating time to indulge possibly new or more varied activities AND winning more restful sleep into the bargain is a good idea.
  • Lose weight – what news yearsy list would be complete without that? I was doing really well for months last year. I haven’t even put on all the weight I lost so go me. Starting from a lower point anyway. Easy!

To future Cornerpirate. How did you do? Don’t let me down.

Network Adapter names in Windows for Hackers

Sometimes you will need to test from a Windows environment. To cite merely two examples:

  • if you have busted out of a Citrix locked down environment and are now installing tools; or
  • if the customer wants you to simulate a rogue internal user with one of their Workstations (I love doing this personally!).

These come up relatively regularly in my life but not day to day. The biggest one is really: you just want to do some work and your host OS is Windows!

In those situations you might miss the friendly and warm embrace of “eth0” and that ilk we have under Linux. If you want to install and run Responder or Wireshark or whatever you will need to know your interface names.

Solution

Rename your adapters to mean something to you! Not complicated. Windows allows you to do this via “Control Panel” -> “Network and Internet” -> “Network Connections:

rename-adapters

Pick a name that makes sense to you and be on your merry way. I renamed things to “Ethernet”, “Ethernet 2”, “WiFi” etc so I knew what they were. These names are then persisted within Wireshark when I tested it so it seemed like a good idea to me.

The rest of this blog are just random thoughts on Adapter Creep, and ipconfig rants if you want to stick around that is your choice!

Adapter Creep: How we got here

The number of network adapters has been on the increase in the last decade. You may have:

  • Ethernet
  • WiFi
  • VPN Connections
  • Virtualised Interfaces (for VMWare, VirtualBox etc)

I personally find it a pain to read the output of “ipconfig” or sift through the drop downs in tools. This is another reason I decided to start renaming adapters.

Rant about “ipconfig”

The following in your command prompt will display the list of adapter names you currently have:


ipconfig | findstr "adapter"

The usage instructions for “ipconfig” do state that you have a “where” clause which can let you interact with specific interfaces:

ipconfig

Based on attempting this myself many years ago, and on the various Stack Overflow and forum responses I just saw on trying to use that “where”, I am going to conclude that this doesn’t work well enough for anyone.

I had hoped that explicitly setting the name of the adapter would make this easier but somehow “*Ethernet*” does nothing as far as I can see.

Solutions are out there to get what you want with .bat files, or VBS etc. Fairly hacky was to do basic networking tasks.

Netsh seemingly to the rescue

In reading the forum posts I did find a tip about using “netsh” instead of “ipconfig”. While this feels like a much much bigger tool for the job. It is possible to properly query details of specific interfaces only. So sharing the syntax in case it helps:


netsh interface ip show address name="WiFI"

Where the address name is exactly the name of the adapter.

 

Jython and it’s java.nio.charset.UnsupportedCharsetException

 

I have been working on an Extender for Burp Suite (a local proxy which allows you to check for common problems and security weaknesses). While the proxy is written in Java it is common for the Extender’s to be made in Python.

Jython is the glue that keeps Java and Python working. My Extender had the need to execute python so I redirected the Standard Out and Standard Error streams to a MessageConsole.

Redirecting Standard out and err

The code for doing this is shown below:

// Redirect standard out and err to the MessageConsole
MessageConsole console = new MessageConsole(this.output);
console.redirectOut();
console.redirectErr(Color.RED, null)

Note: I might not leave this as the final product because I have just found this reference:

http://www.jython.org/javadoc/org/python/util/PythonInterpreter.html

Which indicates that “setErr” and “setOut” might work better for me somehow. However, that is a side show.

With the above code if you click the “Execute” button you trigger an event handler with this code:

// Get the python code from the text area
String python = pythonTextArea.getText();

// Show user that something is happening
setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
PythonInterpreter interp = new PythonInterpreter();

// Run the user python in the Jython interpreter.
interp.exec(python);
// Close the interpreter
interp.close();

// Now our task is over show the user it is done.
setCursor(Cursor.getPredefinedCursor(Cursor.DEFAULT_CURSOR));

Pretty simple; get me the python code, start an interpreter, execute, and close the interpreter.

UnsupportedCharsetException: cp0

Using the above code you will see that you get our pesky “UnsupportedCharsetException” on first execution of Jython as shown below:

unsupportedCharsetException.png
That makes for an unsightly error. It is not a blocker because as you can see the JOptionPane displayed its message after. But an error appearing to users is going to erode their trust in your software. Particularly since this happens once per execution. After it is displayed it seems Jython then selects an OK character set and plays happy from there.

Looking into it the exception is because the Java Virtual Machine has not been launched with an appropriate run-time parameter. According to the reference below:

https://wiki.python.org/jython/ConsoleChoices

You should be able to fix the problem by launching your Java process like this:

java -jar <yourexecutable> -Dpython.console.encoding=UTF-8

There are other Console Choices available. But this seems to be a way to prevent the error. This is also the accepted answer on bug trackers and forums across the Internet.

It seems possible to use a “jython registry” to apply this setting but that means shipping files with your tool or making users create them. It seemed messy when what I guess we really want is a way to set the character set somehow as a property of instantiating the “PythonInterpreter” object. That doesn’t appear to be in the API so we can only dream of that.

The Right Solution

The legend that is Paj working over at PortSwigger these days fired in this nugget:

Which effectively is the programmatic interface to interacting with run-time parameters. This solution works perfectly when I tested it. The code for this is below:


System.setProperty("python.console.encoding", "UTF-8");

// Redirect standard out and err to the pythonOutput textpane
MessageConsole console = new MessageConsole(this.output);
console.redirectOut();
console.redirectErr(Color.RED, null);

That got the job done right. If for some reason you are unable to use that. Then I have maintained my hilariously hacky solution which somewhat did the same job.

The Hacky Solution

In the realm of writing Burp Extenders I am not able to really influence how users launch their instance of Burp (so that -D approach is not likely). Nor would I imagine PortSwigger (the vendor) taking the time to cater for this edge case by making everybody launch burp a new way! Quite rightly too.

This means I came up with a hacky solution which avoids the errors for users:

// Here comes the dirty, dirty hack!
PythonInterpreter interp = new PythonInterpreter();
interp.exec("a=1+2");
interp.close();
// Yup. Launch the interpreter and do nothing of significance
// Do it before setting up your STDOUT and STDERR redirects

// Redirect standard out and err to the pythonOutput textpane
MessageConsole console = new MessageConsole(this.output);
console.redirectOut();
console.redirectErr(Color.RED, null);

I am going to need a shower. This feels particularly dirty even for me.

Folks from Google. You are welcome!