Friday, June 1, 2018

3 quick tips for sec pro folks: firefox screenshots on the command line, clearing the memcache & swap on linux, & rss syntax of common blogging sites, OSX "raw disk device" aka why dd is slow on Macs

Here's a micropost of several one-liners that you might also find useful:


  1. Firefox screenshots from the command line
  2. Clearing the memory cache & swap
  3. Time-saver: Syntax of RSS feeds of popular blogging sites
  4. OSX raw disk device (why dd is so slow on OSX)


Create screenshots of webpages without opening Firefox.

Folks on twitter said this works even more efficiently (i.e. in pentesting) that other larger tools.  From
https://twitter.com/Cherokeejb_/status/996166771739709440, and Credit @botherder, (@amnesty / @citizenlab / @swborders ) for originally sharing this.


Since Firefox 57, the -screenshot flag allows you to take screenshots of websites.

The basic usage is:  /path/to/firefox -headless -screenshot https://reddit.com/r/PositiveNews


This creates a full-height screenshot of the site (here "Positive News" on Reddit), in the active directory called screenshot.png, with a viewport width of 800px.

You can omit -headless when using -screenshot, as it is implied:

I found the entire "headless Firefox" manual here on the Mozilla developer website. It's mostly used for automated testing of different types of web applications and sites.


Clearing the memory cache


I lead one of two weekly discussion groups about security books, which is hosted out of the BrakeSec Slack website of the Brakeing down Security podcast [sic].   The other, "main" group is hosted by David Cybuck.

Here's a link to Chris Sanders giving a nice shout out this week, to our latest session:  https://twitter.com/chrissanders88/status/1002188191779184642

The topic came up, off hand, while we were talking about Cyber Risk Measurement last month, and somehow the question came up about different types of RAM in a linux system, and how to clear them.  Yes, application, "used" memory would be typically cleared after a restart or other power or magnetic event--that is why in forensics you take the volatile things first.  But there are also several ways of clearing the "RAM disk cache."  Don't forget also the swap file on the disk. The references are directly below.

1. Clear PageCache only:   # sync; echo 1 > /proc/sys/vm/drop_caches


2. Clear dentries and inodes:  # sync; echo 2 > /proc/sys/vm/drop_caches


3. Clear PageCache, dentries and inodes:  # sync; echo 3 > /proc/sys/vm/drop_caches 


4.  Clear the swap space (on disk):  # swapoff -a && swapon -a


As with everything on Linux, there are probably several other ways of doing this!


Basic, interesting links on this topic:


RSS syntax of blogger, medium.com, and wordpress


I shared this originally on twitter, and it inspired this extra "mini-post" today.

Knowing sites' rss syntax is very useful to me, because I love RSS.  Actually I'm hoping to create research time to really learn the in's and out's of RSS and XML, as well as json, as these seem constantly useful in infosec.    I love lean, text-based websites, especially for reading.

Sometimes the browser doesn't give these feeds up to you so easily, especially if you are blocking javascript, as many security folks do!  Sometimes even grep'ing the html source takes a few tries.

You can add a blog to your reader this way, or read it on a low-resource-bearing webpage by knowing this syntax.  All you need is the person's name or site name used on the site.  Here are three examples (substitute below "$user" with the name of the blog).

Medium.com

https://medium.com/feed/ @"$user" 

For example, one of my newer favorite blogs, focused generally on "red teaming" and the management, psychology, and strategy of great teams, Tim MalcomVetter's blog:

WordPress


https://"$user".wordpress.com/feed/

An example here is one of the BrakeSec slack members, Aaron Gilliland, aka Amish Hacker:

He's documenting here his path into learning more about security and red-teaming... way to go man!

Blogspot (Blogger.com, Google)

https://"$user".blogspot.com/feeds/posts/default

For example this blog right here, that you are reading now:

A lot of sites use this blogger engine as well, just with their own domains, so the syntax is very similar.

...there is also a feed for comments; leave one here with your own nice one-liner tricks!



Bonus:  OSX "raw" disk device

Have you ever noticed how slow writing usb or media cards using dd, on Macs is?  That is because you are probably using the wrong device!   I actually thought until recently this was some form of DRM that OSX was deploying, because it took so long, until recently, I had never seen one even finish.

For example, use dd if=/path/to/yourlinuximage.iso of=/dev/rdisk2 bs=4194000

Type first diskutil list , or use the Disk Utility application to find the name of the disk you want to write to.

To write a linux image onto the raw disk device, for example of an inserted SD card that you want to write on a raspberrypi, instead of writing it to, e.g. /dev/disk2 in the example above.  Use the block size appropriate for your media.   This will go much faster.  This is because on many BSD-based systems, the disk devices are a few abstraction layers away from the actual disk metal; it is different than linux.  You learn something everyday!


The new "LinkedInSecureMessage"​ ?

With all the talk of secure messenger applications lately, I bet you’d like to have just one more, right? In the past few weeks, we’ve noti...

Follow by RSS