mirror of https://github.com/dirtbags/moth.git
net-re class spam
parent
02299001b6
commit
8002d2d658
|
@ -0,0 +1,18 @@
|
||||||
|
#! /usr/bin/python3
|
||||||
|
|
||||||
|
import smtplib
|
||||||
|
import sys
|
||||||
|
|
||||||
|
smtpd = smtplib.SMTP("mail.lanl.gov")
|
||||||
|
|
||||||
|
template = open("netre-email.txt").read()
|
||||||
|
assert 'RCPT' in template
|
||||||
|
assert 'TOKEN' in template
|
||||||
|
|
||||||
|
for line in open("netarch-tokens.txt"):
|
||||||
|
email, token = line.strip().split()
|
||||||
|
|
||||||
|
print(email)
|
||||||
|
msg = template.replace("RCPT", email).replace("TOKEN", token)
|
||||||
|
smtpd.sendmail("neale@lanl.gov", [email], msg)
|
||||||
|
#print(msg)
|
|
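Review bot: the send loop has no error handling, so `email, token = line.strip().split()` raises ValueError on a blank or malformed line in netarch-tokens.txt, and `smtpd.sendmail(...)` raises when the single recipient is refused; either one stops the run after some participants have been mailed and the rest have not. Skip empty lines, catch smtplib.SMTPException per recipient, and record which addresses failed so a rerun does not re-send to everyone. The connection to mail.lanl.gov is also used without starttls(), although each message carries a token the template tells recipients to protect like a password, and neither the SMTP session nor the two files opened with open() are closed.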
@ -0,0 +1,165 @@
|
||||||
|
From: Neale Pickett <neale@lanl.gov>
|
||||||
|
To: RCPT
|
||||||
|
Subject: Tracer FIRE: Network Archaeology Information
|
||||||
|
|
||||||
|
Welcome to the Network Archaeology course!
|
||||||
|
|
||||||
|
Your token is: TOKEN. Please write this down, but protect it as
|
||||||
|
though it were a password.
|
||||||
|
|
||||||
|
|
||||||
|
Summary
|
||||||
|
--------
|
||||||
|
|
||||||
|
* 8-11 AM and 1-4 PM (US/Mountain), Mon Feb 4 - Tue Feb 5
|
||||||
|
* Get started at http://tf5.lanl.gov/netarch.html
|
||||||
|
* Work at your own pace, using tutorial videos on YouTube
|
||||||
|
* Connect to irc://irc.oftc.net/netarch for Q/A
|
||||||
|
* Use you token (TOKEN) to ask questions and check lab answers
|
||||||
|
|
||||||
|
IRC is going to be the biggest challenge for some participants. We urge
|
||||||
|
you to connect to IRC and test the channel moderation bot before Monday,
|
||||||
|
since we won't be able to help you get connected during the course.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
What to Expect
|
||||||
|
------------
|
||||||
|
|
||||||
|
Network Archaeology is a self-paced course, consisting of tutorial
|
||||||
|
labs and video tutorials on YouTube. Instructors are available on IRC
|
||||||
|
(Internet Relay Chat) to answer questions and provide help as you work
|
||||||
|
through the labs at your own speed.
|
||||||
|
|
||||||
|
When the course begins Monday morning at 8:00AM US/Mountain, log on to
|
||||||
|
IRC, then check the web page at http://tf5.lanl.gov/netarch.html for links
|
||||||
|
to the lab server, an introductory video, and tutorial videos on YouTube.
|
||||||
|
|
||||||
|
After the first 8 labs, we expect you to figure out on your own
|
||||||
|
how to approach and solve problems. We will update the page at
|
||||||
|
http://tf5.lanl.gov/netarch.html with links to more tutorial videos to
|
||||||
|
keep you from getting stuck, though.
|
||||||
|
|
||||||
|
You will see questions and answers in the IRC channel. When you have
|
||||||
|
a question of your own, message the moderator from your IRC client:
|
||||||
|
|
||||||
|
/msg netarch-moderator TOKEN What does = mean in base64?
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Course requirements
|
||||||
|
----------------
|
||||||
|
|
||||||
|
You need:
|
||||||
|
|
||||||
|
* A laptop with Linux or MacOS (Linux preferred, inside a VM is fine)
|
||||||
|
* Wireshark
|
||||||
|
* tcpdump
|
||||||
|
* tcpflow
|
||||||
|
* gcc and make
|
||||||
|
* python3
|
||||||
|
* A plain text or code editor, such as gedit
|
||||||
|
* An IRC client such as xchat or pidgin
|
||||||
|
|
||||||
|
Please have all your software installed and ready to go when the course
|
||||||
|
begins. We will not be available to help with software installation.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Connecting to IRC
|
||||||
|
--------------
|
||||||
|
|
||||||
|
IRC is the technology used by NNSA's Tracer group for collaborative
|
||||||
|
incident response, and it will soon be used by DOE's NSM group as well.
|
||||||
|
If you have never used IRC before, we urge you to test it out before
|
||||||
|
Monday. Neither Patrick nor Neale will be available to provide assistance
|
||||||
|
connecting to IRC after the course begins: please familiarize yourself
|
||||||
|
with IRC before Monday.
|
||||||
|
|
||||||
|
If you are on LANL's collab IRC server, you may join channel #tf5 right
|
||||||
|
now; I am in the channel and would be happy to chat with you. The collab
|
||||||
|
channel is unmoderated, you may ask questions right in the channel.
|
||||||
|
You can skip the rest of the IRC sections.
|
||||||
|
|
||||||
|
If you are not on LANL's collab IRC server, or don't know what that means,
|
||||||
|
you need to connect to the moderated channel on OFTC. You may install
|
||||||
|
any IRC client you like--I use xchat--and tell it to connect to the OFTC
|
||||||
|
network (irc.oftc.net).
|
||||||
|
|
||||||
|
If you can't connect to IRC with an installed client, you may have better
|
||||||
|
luck with the web-based Mibbit (http://www.mibbit.com/). Remember to
|
||||||
|
select the OFTC network, and to put # in front of channel names.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
IRC Channels
|
||||||
|
----------
|
||||||
|
|
||||||
|
There are two OFTC channel for the course: #tf5 and #netarch.
|
||||||
|
|
||||||
|
#tf5 is an unmoderated channel for all Tracer FIRE 5 participants.
|
||||||
|
You may be able to get help from other people (not the instructors)
|
||||||
|
in #tf5. You don't have to join #tf5, though: it's optional.
|
||||||
|
|
||||||
|
#netarch is the course channel, and is moderated. Questions must be
|
||||||
|
sent to netarch-moderator, with your token. For example:
|
||||||
|
|
||||||
|
/msg netarch-moderator TOKEN How do I start a Python shell?
|
||||||
|
|
||||||
|
netarch-moderator will reply saying it has put your question in the queue,
|
||||||
|
and it will send your question to #netarch when the instructors are ready.
|
||||||
|
|
||||||
|
If you provide an invalid token, or don't provide a token at all, the
|
||||||
|
moderator will not respond.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Testing your IRC connection
|
||||||
|
----------------------
|
||||||
|
|
||||||
|
I implore you to connect to IRC right now, join #netarch, and make sure
|
||||||
|
you understand how to send messages to the moderator. You can verify
|
||||||
|
that the moderator sees your token by typing:
|
||||||
|
|
||||||
|
/msg netarch-moderator TOKEN test
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Where to go for technical support
|
||||||
|
--------------------------
|
||||||
|
|
||||||
|
Due to the number of participants we have this year, we will not be able
|
||||||
|
to provide any technical support outside of helping you work through labs.
|
||||||
|
There will be people in the #tf5 IRC channel who may be willing to assist
|
||||||
|
you if you ask nicely.
|
||||||
|
|
||||||
|
For this reason, it is very important that you have figured out how to
|
||||||
|
connect to IRC before Monday. There are many resources on the Internet
|
||||||
|
to help you with this.
|
||||||
|
|
||||||
|
A few of you will be unable to connect to IRC, even after going over
|
||||||
|
the instructions in this email carefully. I apologize in advance for
|
||||||
|
being unable to help you get connected during the course.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
About your Instructors
|
||||||
|
------------------
|
||||||
|
|
||||||
|
Neale Pickett, Los Alamos National Laboratory
|
||||||
|
Neale created the network archaeology toolkit for python, and is
|
||||||
|
the principal organizer of Tracer FIRE. He has been involved in
|
||||||
|
several high-profile incident response efforts across DOE/NNSA
|
||||||
|
since 2005, and has been teaching this course since 2010.
|
||||||
|
|
||||||
|
Patrick Avery, Pantex Plant
|
||||||
|
Patrick, a former and current student of Neale, is one of the
|
||||||
|
biggest advertisers of the network archaology toolkit -- singing
|
||||||
|
its glory from the mountaintops. He has been involved in several
|
||||||
|
high-profile incident response efforts across DOE/NNSA since
|
||||||
|
2009 and has been assisting with this course since 2011.
|
||||||
|
|
||||||
|
The Tracer FIRE Registration and Moderation Fairies
|
||||||
|
The Tracer FIRE Fairies are new in 2013. The Registration Fairy
|
||||||
|
is sorry for sending so many emails, and the Moderation Fairy is
|
||||||
|
sorry you lost your token (which is TOKEN).
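Review bot: the opening lines tell recipients to protect the token "as though it were a password", but the Summary then points them at irc://irc.oftc.net/netarch and http://tf5.lanl.gov/netarch.html, neither of which is a TLS-protected scheme, and the token is typed into `/msg netarch-moderator TOKEN ...` over that connection. Consider telling participants to connect to OFTC with TLS enabled, and add a line under "IRC Channels" warning that pasting the token into a channel such as the unmoderated #tf5 instead of a /msg shows it to everyone there. Wording fixes in the same text: "Use you token" should be "Use your token", "two OFTC channel" should be "two OFTC channels", and "archaology" should be "archaeology".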
|