Is my network traffic lying to me? Most malware authors don\u2019t seem to spend a lot of effort trying to blend into network traffic. I\u2019m pretty sure the reason for this is \u201cthey don\u2019t need to\u201d. By identifying legitimate HTTP requests based on browser request structure we may be able to, more easily, identify malicious traffic. This notebook will focus on some ways to gather legit browser requests, understand them, and use that data to find non-legitiate requests.\n",
"
\n",
- "** All Code and iPython Notebooks for this talk http://clicksecurity.github.io/data_hacking **\n",
+ "** All Code and IPython Notebooks for this talk http://clicksecurity.github.io/data_hacking **\n",
"
\n",
"Tools:\n",
"\n",
@@ -1654,11 +1654,11 @@
"cell_type": "markdown",
"metadata": {},
"source": [
- "### There's also a neat iPython notebook on generating regular expressions\n",
+ "### There's also a neat IPython notebook on generating regular expressions\n",
"#### xkcd 1313: Something is Wrong on the Internet!\n",
"\n",
"\n",
- "The iPython notebook uses a strategy to find a regex that given two python sequences matches the first but ensures that it does not match the second using a [set cover technique](http://en.wikipedia.org/wiki/Set_cover_problem) and or'ing the components together.\n",
+ "The IPython notebook uses a strategy to find a regex that given two python sequences matches the first but ensures that it does not match the second using a [set cover technique](http://en.wikipedia.org/wiki/Set_cover_problem) and or'ing the components together.\n",
"Please see: http://nbviewer.ipython.org/url/norvig.com/ipython/xkcd1313.ipynb for more info."
]
}
@@ -1666,4 +1666,4 @@
"metadata": {}
}
]
-}
\ No newline at end of file
+}
diff --git a/dga_detection/DGA_Domain_Detection.ipynb b/dga_detection/DGA_Domain_Detection.ipynb
index 172cba3..936c0c8 100644
--- a/dga_detection/DGA_Domain_Detection.ipynb
+++ b/dga_detection/DGA_Domain_Detection.ipynb
@@ -12,7 +12,7 @@
"metadata": {},
"source": [
"## Exercise to detect Algorithmically Generated Domain Names.\n",
- "In this notebook we're going to use some great python modules to explore, understand and classify domains as being 'legit' or having a high probability of being generated by a DGA (Dynamic Generation Algorithm). We have 'legit' in quotes as we're using the domains in Alexa as the 'legit' set. The primary motivation is to explore the nexus of iPython, Pandas and scikit-learn with DGA classification as a vehicle for that exploration. The exercise intentionally shows common missteps, warts in the data, paths that didn't work out that well and results that could definitely be improved upon. In general capturing what worked and what didn't is not only more realistic but often much more informative. :)\n",
+ "In this notebook we're going to use some great python modules to explore, understand and classify domains as being 'legit' or having a high probability of being generated by a DGA (Dynamic Generation Algorithm). We have 'legit' in quotes as we're using the domains in Alexa as the 'legit' set. The primary motivation is to explore the nexus of IPython, Pandas and scikit-learn with DGA classification as a vehicle for that exploration. The exercise intentionally shows common missteps, warts in the data, paths that didn't work out that well and results that could definitely be improved upon. In general capturing what worked and what didn't is not only more realistic but often much more informative. :)\n",
"\n",
"### Python Modules Used:\n",
"- Pandas: Python Data Analysis Library (http://pandas.pydata.org)\n",
@@ -3862,7 +3862,7 @@
"metadata": {},
"source": [
"### Conclusions:\n",
- "The combination of iPython, Pandas and Scikit Learn let us pull in some junky data, clean it up, plot it, understand it and slap it with some machine learning!\n",
+ "The combination of IPython, Pandas and Scikit Learn let us pull in some junky data, clean it up, plot it, understand it and slap it with some machine learning!\n",
"\n",
"Clearly a lot more formality could be used, plotting learning curves, adjusting for overfitting, feature selection, on and on... there are some really great machine learning resources that cover this deeper material. In particular we highly recommend the work and presentations of Olivier Grisel at INRIA Saclay. http://ogrisel.com/\n",
"\n",
@@ -3879,4 +3879,4 @@
"metadata": {}
}
]
-}
\ No newline at end of file
+}
diff --git a/fun_with_syslog/Fun_Syslog.ipynb b/fun_with_syslog/Fun_Syslog.ipynb
index 0e6cd9a..546beb3 100644
--- a/fun_with_syslog/Fun_Syslog.ipynb
+++ b/fun_with_syslog/Fun_Syslog.ipynb
@@ -60,7 +60,7 @@
"cell_type": "code",
"collapsed": false,
"input": [
- "# Lets take a peek at our system.log, with iPython you\n",
+ "# Lets take a peek at our system.log, with IPython you\n",
"# can execute system commands with '!' (also see %alias)"
],
"language": "python",
@@ -835,7 +835,7 @@
"metadata": {},
"source": [
"#### Please note the D3 vis below is embryonic, hoping to make it super cool...\n",
- "To run the visualization in your web browser, here we're using port 9999 instead of standard 8888 because we may have iPython already running on 8888:\n",
+ "To run the visualization in your web browser, here we're using port 9999 instead of standard 8888 because we may have IPython already running on 8888:\n",
"\n",
"
\n",
"> cd data_hacking/fun_with_syslog\n",
@@ -872,4 +872,4 @@
"metadata": {}
}
]
-}
\ No newline at end of file
+}
diff --git a/sql_injection/sql_injection.ipynb b/sql_injection/sql_injection.ipynb
index 918c266..cca2ae1 100644
--- a/sql_injection/sql_injection.ipynb
+++ b/sql_injection/sql_injection.ipynb
@@ -17,7 +17,7 @@
"\"SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements areA SQL injection attack consists of insertion or \"injection\" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.\" -OWASP\n",
"
\n",
"
\n",
- "** All Code and iPython Notebooks for this talk http://clicksecurity.github.io/data_hacking **\n",
+ "** All Code and IPython Notebooks for this talk http://clicksecurity.github.io/data_hacking **\n",
"
\n",
"Tools:\n",
"\n",
@@ -1571,7 +1571,7 @@
"metadata": {},
"source": [
"### Conclusions:\n",
- "The combination of iPython, Pandas and Scikit Learn let us pull in some junky SQL data, clean it up, plot it, understand it and slap it with some machine learning!\n",
+ "The combination of IPython, Pandas and Scikit Learn let us pull in some junky SQL data, clean it up, plot it, understand it and slap it with some machine learning!\n",
"\n",
"Clearly a lot more formality could be used, plotting learning curves, adjusting for overfitting, feature selection, on and on... there are some really great machine learning resources that cover this deeper material. In particular we highly recommend the work and presentations of Olivier Grisel at INRIA Saclay. http://ogrisel.com/\n",
"\n",
@@ -1583,4 +1583,4 @@
"metadata": {}
}
]
-}
\ No newline at end of file
+}
![](\"files/images/fingerprint.jpg\")