A while ago I wrote a post about using Python to parse tcpdump output for domains and URLs. Recently, I started to wonder if I could take that a step further. What if the DNS requests I saw could be checked against a blacklist in real time? And what if the output was presented in a more useful format? Here’s how I got these new features working.
The life of a SOC analyst – as is the case with many other jobs – can involve a lot of repetitive tasks, including the process of writing tens of similar emails each day. But what if this could be automated, saving time and reducing the potential for error?
There’s a lot more to most websites than meets the eye these days, and I thought an interesting Python project to take on at the start of my Christmas break would be to uncover the extra requests hidden below the surface with some help from tcpdump.
After I managed to pull data from Twitter’s API using Python, I got thinking about what my next step would be. Then it hit me – I could draw data from external sources and find a nice extension to visualise it in some pretty graphs. Plotly is that extension.
If you hadn’t already heard, I’ve been experimenting with some Python recently, trying to build on the foundation that I picked up at the SANS Cyber Retraining Academy. While I’d already had some success playing around with isolated little scripts, I decided it was time to start pulling data from external sources – starting with Twitter.