Remove ^M in vi

:%s/^M$//g

“^M” = Ctrl+v and Ctrl+m

VMWare Shared Folder in Ubuntu

lsmod | grep vmhgfs
modprobe vmhgfs

apt-get install open-vm-dkms
/etc/init.d/vmware-tools restart

mkdir /mnt/hgfs
mount -t vmhgfs .host:/ /mnt/hgfs

sudo vi /etc/fstab
.host:/ /mnt/hgfs vmhgfs defaults,ttl=5,uid=1000,gid=1000 0 0

error C2679

binary ‘+=’ : no operator found which takes a right-hand operand of type ‘BYTE [6]’ (or there is no acceptable conversion)

CString ret;
typedef struct _SID_IDENTIFIER_AUTHORITY {
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;

ret += sid.IdentifierAuthority.Value;

I just “(TCHAR)” to change the value type like this.

ret += (TCHAR)sid.IdentifierAuthority.Value;

 

CFile::ReadHuge

ReadHuge is provided only for backward compatibility. ReadHuge and Read have the same semantics under Win32.

Source) http://msdn.microsoft.com/en-us/library/aa270527(v=vs.60).aspx

error MSB8031

When you build source code that was being made by VS6 in VS 2013, you may occurred this error message.

Building an MFC project for a non-Unicode character set is deprecated. You must change the project property to Unicode or download an additional library. See http://go.microsoft.com/fwlink/p/?LinkId=286820 for more information.

You can download Multibyte MFC Library for VS 2013. This add-on for VS 2013 contains the multibyte character set (MBCS) version of the Microsoft Foundation Class (MFC) Library.

http://www.microsoft.com/en-US/download/details.aspx?id=40770

 

Gartner Identifies the Top 10 Technologies for Information Security in 2014

Gartner, Inc. today highlighted the top 10 technologies for information security and their implications for security organizations in 2014. Analysts presented their findings during the Gartner Security & Risk Management Summit, being held here through June 26.

1. Cloud Access Security Brokers
2. Adaptive Access Control
3. Pervasive Sandboxing (Content Detonation) and IOC Confirmation
4. Endpoint Detection and Response Solutions
5. Big Data Security Analytics at the Heart of Next-generation Security Platforms
6. Machine-readable Threat Intelligence, Including Reputation Services
7. Containment and Isolation as a Foundational Security Strategy
8. Software-defined Security
9. Interactive Application Security Testing
10. Security Gateways, Brokers and Firewalls to Deal with the Internet of Things

Source: http://www.gartner.com/newsroom/id/2778417?fb_action_ids=10152494306750102&fb_action_types=og.likes

 

Theme #1: Security needs a new architecture
Theme #2: Mobile security
Theme #3: Incident Response is a core discipline
Theme #4: Dealing with advanced attacks

1. Network traffic analysis
2. Payload Analysis
3. Endpoint behavior analysis
4. Network forensics
5. Endpoint forensics

http://www.fireeye.com/blog/corporate/2014/07/key-themes-from-the-2014-gartner-security-summit.html

How to check the link of Network Interface between VMware and OS

I had two network interface on VMware as below. One was made for NAT and other is for bridged. So I just wonder which one is eth0 or eth1 in Linux.

 

First, find MAC address of VMware in a *.vmx file.

C:\VMImage>findstr /C:”.generatedAddress ” *.vmx
SecurityOnion.vmx:ethernet0.generatedAddress = “00:0c:29:1b:48:4d“
SecurityOnion.vmx:ethernet1.generatedAddress = “00:0C:29:1B:48:57“

 

Secondly, find MAC address of Network Interfaces.

root@sensor:~# ifconfig | grep HWaddr
eth0 Link encap:Ethernet HWaddr 00:0c:29:1b:48:4d
eth1 Link encap:Ethernet HWaddr 00:0c:29:1b:48:57

 

In other way, you can check MAC address of Network Interfaces.

root@sensor:~# lspci | grep -i ethernet | awk {‘print $1’} | while read pciid; do echo $pciid $(cat /sys/bus/pci/devices/*$pciid/net/*/address) $(cat /sys/bus/pci/devices/*$pciid/net/*/uevent); done
02:01.0 00:0c:29:1b:48:4d INTERFACE=eth0 IFINDEX=2
02:05.0 00:0c:29:1b:48:57 INTERFACE=eth1 IFINDEX=3

 

And then you can compare both result. In my case eth0 is NAT Network Interface and eth1 is VMnet0 Network Interface.

Exclude something by regular expression on Splunk

Splunk support regular expression when you search. It’s very helpful for those who want to extract or exclude something. One day, I found suspicious domain name like ‘afyblkodyg’, ‘imdcbazmqh’, etc. in proxy log.  Actually, these words are not domain in fact. Anyway, I want to know how often does it happen. So I decided to search such a strange words in the proxy log by Splunk.

Splunk> index=idxproxy
| rex field=cs_host(?<xdomain>.*(?<!\.com|\.co|\.lu|\.net|\.org)$)”
| search xdomain!=”” | table _time, c_ip, xdomain

_time                              c_ip                xdomain
1 4/21/14 5:06:27.000 AM 10.10.250.252 afyblkodyg
2 4/21/14 5:06:27.000 AM 10.10.250.252 imdcbazmqh
3 4/21/14 5:06:27.000 AM 10.10.250.252 nidxikaxyh
4 4/17/14 9:39:43.000 PM 10.10.250.252 stqbnqsfok
5 4/17/14 9:39:43.000 PM 10.10.250.252 bbrsqktfut
6 4/17/14 9:39:43.000 PM 10.10.250.252 dnvujghghr

 

Ads too noisy

Today the advertisement is a great way to get a money, particularly in Internet quite a while. However, it’s too noisy. Here is a sample that is showing the seriousness of media advertisement. Especially, I wanna talk to about Korea News Media. The left side is a web page of Korea News media and the other side is BBC’s.

But, I am not only aware the problem. A below image depicts the whole changes of digital media quite well.Source: http://kindofnormal.com/img/truth_facts/iphone/2013/10/11.png

 

Why are they still using the expired certificate on the web?

KISA, Korea Internet & Security Agency, is in charge of Korea Security as far as I know. However, they are using the expired certificate on their home page.

I want to preserve the their security first.