Discover more from hrbrmstr's Daily Drop
Drop #219 (2023-03-14): π Avoidance
lemmeknow; Recog; Teehee
Programming note: I'm having a mix of tolerable and, to be blunt, really bad days with this bout of long covid. Def not looking for solace; I'm at least pretty functional, and that is not the case for thousands of others. But, it does mean you're going to occasionally get late, short, and/or dropped Drops. Today's is both late and short, but I am totally not letting a bunch of spike proteins get the better of me.
As Cap' says, "I can do this all day".
You might have expected today's Drop to be centered around this holiday for maths nerds, but that's just too easy. Besides, I do not have the same fondness for Greek symbols as many of my data science colleagues do. I kinda think the use of them and other funky maths annotations ends up gatekeeping knowledge.
Now that I've offended all the readers with data science/maths Ph.D.'s, let's talk about what is in today's Drop.
I am “fortunate” enough to have odd symbology on both sides [data science | cybersecurity] of what I do for a living. How would you like to have to work with things like
fda8:4f5:5238:4e99:1ca5:df24:269c:5491(an IPv6 address)
9c:76:0e:43:24:1e(a Media Access Control — MAC — address)
18.104.22.168(you know what this is), and
Chances are, you likely have similarly odd symbols outside of maths that you work with to get stuff done, like
ASIAVRWG3MPYWCVNOJFE (a defunct AWS Access Key ID),
ae07a05c-50f4-462f-9fc1-8f104b9ddc3a (a Universally Unique Identifier/UUID).
So, today we cover two tools that help you identify weird, unknown things, and one that lets you look at and edit files in a (depending on your point of view) really odd way. We also go from the esoteric to über niche, but that's OK, since it's helpful to be familiar with some tools outside one's primary domain.
So, about that symbology I mentioned, above. Some of those entities are secrets that do not belong in generally accessible files. Some of them are found in network packets and logs. Others, like cryptocurrency addresses, phone numbers, and the like could be just lying around in random files, and it might be useful to find them
The lemmeknow Rust utility works on streams of data or any individual file (no globs allowed) and uses a library of regular expressions to perform fuzzy matching (you can control your fuzzy tolerance) on the entire contents, and it spits back terminal or JSON output of what it found.
It groks 140 entities, and more are just a PR away.
This tools fits more into a "triage" workflow to help wade through a large volume of items, letting you run more precise/deterministic (and, slower working) tools on a much smaller subset.
Tis simple to install and nice to have around in a pinch, even if you don't "do cyber" for a living. The library of regular expressions could also come in handy, some day, in other projects.
Recog is a "framework for identifying products, services, operating systems, and hardware by matching fingerprints against data returned from various network probes. Recog makes it simple to extract useful information from web server banners, SNMP system description fields, and a whole lot more".
This one is absolutely more niche than
lemmeknow, but if you ever have to process HTTP streams and want more metadata on what you're talking to, Recog can absolutely give that to you.
It, too, is based on a (in Recog's case, vast) library of curated and battle-tested regular expressions, and gets tons of care and feeding from a pretty cool community and central maintainer.
There is a Golang version (CLI and library), which I suggest using, if you're curious about what Recog can do.
I will leave you in the capable hands (see the section header) of Tod Beardsley to get further deets.
While not as robust (or, pretty) as the previously Dropped ImHex, Teehee does a find job making quick work of, well, quick, low-level edits. (Please see the ImHex post for what these “hex editors” are, in the event you aren’t familiar with them).
It refers to itself as a "modal" editor, and you can think of that as the difference between (ugh) Microsoft Word and,
vim. Wikipedia has you covered if you want more of a description of the difference between modal and modeless.
The section header is me editing a packet capture file (PCAP) for completely innocent purposes. (🤙 swear).
Teehee is more focused than ImHex, and also smaller. Folks new-ish to hex editing might want to stick with ImHex, though.
SVB dies and Credit Suisse finds material weaknesses. What financial woes will Wednesday bring? ☮
hex-encoded version of SSH-2.0-PUTTY\r\n, something you would see if you were an SSH server on the internet
#teehee #imhex #recog #lemmeknow #regex