Sunday, November 20, 2011

Canada Visit - Toronto and dinner with friend

This past week I got to go up to Toronto to work on a case and I met up with a friend. Lots of work and lots of conference hours to address the situation. But I got to have a great dinner with my friend and on the day of departure I was able to get out and see the RC Tower. I should be able to find some pictures sometime in the future....

Sunday, June 5, 2011

Long overdue updates ...

First off: I moved down to San Diego, CA this spring and moving into the house has gone well. It's been a busy year. Plenty to do with my work at IBM. Sometime in the midst of moving and work I got the CEH and EnCE certifications out of the way. It helps with a number of the Army certification requirements but in each case, these certification attempts take up a considerable amount of time to prepare for and negotiate.

Last week I did get to see my boss for the first time since he was assigned to our team. I had an opportunity to go into Boulder, CO and work alongside him and others from the team. We've got more work to do but I am glad I got a chance to meet up and put in some good work.

Still busy this weekend as it's drill weekend. I am still working my tail off to get out from underneath a mountain of other work (change of address, tax forms, you name it - it's on my TODO list.)

Saturday, December 4, 2010

Christmas Parade in town


This weekend we figured it would be great to get out on Friday night and get in the annual Christmas parade. So at about 4:30PM we set out on the road and went into town. Jason had a great time with the event.




Here is where Jason had settled down for the parade and was ready to watch the procession of the floats.





Jason got a flag handed to him during the event and he had the greatest time with it.







Friday, December 3, 2010

Malware analysis

I have been doing a great amount of examining malware samples. A few weeks ago I posted about going to a memory forensics class at HBGary, Inc. As a result I have looked at a handful of malware samples and have begun to make inroads into further understanding.

One key area of study has been close examination of the code and API calls. It can get really involved, but here is a taste of what a sample of code would look like.


Stay tuned as I continue to work this angle more and develop my craft in this area.

Tuesday, November 23, 2010

Neat training and cold drive

Lately I have been busy with some work. Last week I got to go to Sacramento, CA to attend training at HBGary's corporate site. The three day Responder course is a great offering and if you are in any way involved in malware analysis or reverse engineering, then the course is for you. Check out their training site here.

Besides the training and all the neat insight into interpreting Windows APIs, I had a pretty cold ride to and from Sacramento. I found a day before the trip that the car's heater apparently stopped working. This weekend when I got back I worked on fixing the heat, while listening to Journey. Good times. I found the heater control arm, which is made of plastic, had somehow broken off and no longer pulled the caliper cable to adjust the heater core vent. So a small drill and 3 tie-locks later, I had that problem fixed.

Friday, October 1, 2010

Big Boy Bed


Jason has gotten a new bed and made the move from the crib. He seems to be going for the 'Cars' theme lately and you can see just how thrilled he is with it.

Monday, August 16, 2010

Birthday party for Jason


Jason had a pretty good time at the birthday party for him the other day on Saturday afternoon. Here you get to see him on one of his presents (which was put together). He helped in the construction.

Friday, August 13, 2010

Jason's Birthday today and been away lately

I am excited about getting back home. Today is Jason's birthday and he is two (2) years old! So I am trying my level-best to remind myself to call home around the time he will wake up and start his day to wish him happy birthday.

The past couple weeks have been exceptionally busy and I have been traveling about since my last post. In fact I had USAR weekend drill the past weekend and soon after that, I flew out to LA to do some consulting. It's gone pretty well so far and I made some great progress in the project this week.

Looking forward to coming home and being with my family. Let's see what kind of seat I get on the plane today...

Friday, August 6, 2010

Finally received my replacement battery & Jason's Letters/Numbers game

A few weeks ago I discovered there was a problem with my Dell Mini-9 laptop. So I ordered a replacement battery and, as luck would have it, I found a larger capacity battery. On Thursday it arrived and it looks like it will do the trick, very well and much longer.

So I also loaded a couple software packages and I found one that Jason might like. It's called Linux Letters and Numbers (and it's available as an Ubuntu/Debian package). It works by displaying a keypad with the numbers and letters. When a key on the keyboard is depressed a representative label comes up with a picture and sometimes a voice announcement. For instance, "A" will bring up a picture of an apple, along with the letter A, and an adult's voice saying "Apple".

Jason liked it when I brought it out and he started pressing every key, many many times. However, when he found the Tux Penguin show up when he pressed the "P" key he was overjoyed. Here is a pic of him engrossed in the fun.

Sunday, July 25, 2010

Recent court stuff, exam, and putting furniture together

This past week I had a lot of things going on.

First I had to appear at the superior county court for jury duty. The short story is that what was shaping up to be a month-long civil case ended up with all of us prospective jurors being thanked and excused after three days of service.

Then on Saturday I was in San Francisco to take the (ISC)^2 CISSP exam. The exam is a pretty intense exam that tests the broad knowledge of 11 domains of computer information security principles. After I was done and submitted my exam answer sheet to the supervising proctor, I felt I was pretty exhausted. I will find out what the results were in a few weeks.

Just after the exam, my wife picked me up from the testing location and gave me news that she found something for Jason. She went to IKEA while I was undergoing the exam and bought a work table suitable for Jason to use. (If you are curious, it's Sansad.) I just finished putting it together and it looks pretty good. So far he likes it.

Tuesday, July 6, 2010

4th of July weekend


Jason had a great time this weekend with some outdoors time. We got to go over to the park on Saturday morning. Then later that afternoon we decided to put the kiddie pool out in the backyard, fill it up with water and introduce Jason to the summer fun pastime. Let's just say Jason was introduced to the pool. We'll leave it at that. In all he had a great time.

Sunday, June 20, 2010

Long overdue posting from Memorial Day weekend


A long while ago before the end of May, I hoped to post a few pictures of Jason having a good time in the local park. I had taken Jason over to the park on that Saturday and we hung around the monkey bars for a while.

Then the next day the whole lot of us went out to the park again to fly kites. It was a rather low-wind day so it was trouble keeping the kite up in the air. The times it was up, Jason would help out holding onto the line and he really enjoyed it.

Right afterwards, I had to go out on a consulting engagement and I was there for a while. But now I am back and we got a chance to resume our trips to the park.

Friday, May 28, 2010

Jason building things (part II)

You've already seen where Jason likes building towers and structures with his jumbo blocks in a recent posting. But now we have had many instances of fun and Jason is showing his enjoyment in another way with the blocks he builds with....by knocking them down! He seems to take great pleasure in seeing them built up to some height, then he swats them over as seen here.


For those that are interested, here is how I got the picture:
I took some video with a digital camera and I captured the destruction. Then I was able to edit the clips with Avidemux to pull out this frame into a .JPG image. I was really impressed by how easy it was to use Avidemux as I have never done anything with digital video editing before. But I saw this as something easy to install and add to my Dell Mini netbook running Ubuntu Linux 9 and I had to try this application.

I think I found a new source for photos...

Thursday, May 27, 2010

Talk at SCU


Yesterday evening I drove over to Santa Clara University and was given an opportunity to deliver a guest presentation. The Computer Engineering department has an Information Assurance track for the CE major for the graduate program. So for about an hour I got to talk about computer security incident response.

One of the favorite slides I like to bring out into the presentation is the deobfuscated JavaScript code in web logs. What this means to people outside of the business is where malicious computer code comes across to critical web servers but in such a way that it is hiding its content from inspection, until it gets to the web server. When it arrives at the web server, the obfuscation is removed and the true nature of the content is revealed but then it's too late to intercept the malicious code from doing harm to the web server.

Friday, May 21, 2010

Afternoon walks to the mailbox

So Jason has gotten accustomed to a couple things as he grows up. First, when he wants me to read a book to him, he will lift it up, putting it in my hands and then scramble over to the sofa to sit on it and wait for me to join him and read to him. The reading is rather cute because he seems to make the pages go by pretty quickly to get to the parts he likes most. It's a fun thing.

The other thing that's fun to do with him is that he goes along for walks. This usually happens when we go pick up mail at the mailbox around the corner from the house. So yesterday we put socks and shoes on him before heading out the door so he would have an opportunity to walk around a bit or at least part of the way. I've included a picture that was taken as we were coming back to the front of the house.

Tuesday, May 18, 2010

Been busy lately

I've been out of the office and away for a couple weeks. I had some training down in San Diego. Soon after when I got back, I hit the road again for a customer visit. For the time being I am back here and sorting through all my stuff.

Sunday, May 9, 2010

Technical training in San Diego

Hi Everyone. Since the last posting, I completed my annual training in Dublin and currently I am undergoing another course of technical training, but this time for my employer. It sounds like my head is going to get flooded with information, and that would be pretty close to the truth. But the nice thing is that this is a benefit to all parties involved so I do it all with a big smile.

Currently I am taking the SANS 504 (Hacking, Exploits, and Incident Response) course and it's being taught by John Strand. He is an accomplished computer security professional and he carries himself well in the position. It's about the most enjoyable and interesting class I have had the privilege to be a part of. I am certainly getting a lot out of the course and would definitely recommend it to anyone suited for the subject.

Sunday, April 25, 2010

Army, and Mission Peak hiking

This week I am on orders for the Army Reserve and I've begun my annual training. I am in Dublin, CA for the next couple weeks.

Yesterday I started in on a bandwidth-measuring project (using MRTG) to gather some information and I had a couple issues getting all the required packages loaded for it to run. (It now appears to be working as I wished for.) In the morning I called my family to see how things were going and how Jason was going about his day. Then in the afternoon an Army colleague and I hiked up to Mission Peak (which is part of the nature preserves within East Bay Regional Parks). The peak is about 2517 feet above sea level.

It took us an hour and 15 minutes to get to the monument at the top of the peak. The view out there is great and you can actually see much of the Bay Area and Silicon Valley from the summit.



I hadn't had an opportunity to do any sort of hiking since leaving active duty army in 1995 so this was a good deal to do. It was an enjoyable experience to go up to the top and get a work out at the same time. It might be something I should factor into my time off whenever I get some. In addition, I got to see some really nice plant life that I hadn't seen in a long while, such as this California Poppy.




In addition to the trees and flowers, I happened upon a real live rattlesnake on the way down. I was back on my way down the trail to return home and this snake was lying smack-dab in the middle of the path. I managed to not get bit or attacked, but also got to see the snake slither away a bit into the grass, prepare to lunge (as in a prelude to an attack), and hear the distinctive rattle sound the reptile makes. Check this out....


Ahhh...Nature.


Thursday, April 8, 2010

Bubbles everywhere



Jason was outside today in the backyard and he was having a blast with the soap bubbles we got to blow around the yard. Here are photos of the fun.

Sunday, April 4, 2010

Quakes and BBQ-ing

On an important note, Baja California (BC) experienced an earthquake this afternoon that was of a pretty significant magnitude. However given our location well inside the Central Valley of California, we did not feel any of it during the reported time it took place. (The hyperlink above goes to a Wikipedia image for a visual reference to the location of BC.) So all is well and nothing here was affected from what we can tell. (I was at the store at the time getting garden hardware and did not notice anything out of the ordinary.)

This weekend was a quiet Easter holiday. I got the backyard lawn mowed and tended to. And to top it all off we got to use the gas BBQ today. So I cooked up some chicken, hotdogs and Bocaburger (faux, non-meat) patties. (No, no cooked Easter eggs or chocolate Easter bunnies!)

While on that subject...Jason got to do an Easter egg hunt today in the living room and he had a pretty good time of it. We have a few pictures of the Easter basket we put out for him and staged, as well as Jason going throughout the living room till all the eggs were revealed. Later I will gather those and post them here. But in all, it was a really great weekend.