PyLoris is a scriptable tool for testing a service's level of vulnerability to a particular class of Denial of Service (DoS) attack. Any service that places restrictions on the total number of simultaneous TCP connections has the potential for vulnerability to PyLoris. Additionally, services that handle connections in independent threads, services that poorly manage concurrent connections, and services that have high memory footprint per connection are prone to this form of vulnerability.
I came across a wonderful idea on Hack a Day recently: a Denial of Service attack that overwhelms only the service under attack. After reading through RSnake's twowriteups, I decided to take a swing at the code. Thus PyLoris was born.
Do you ever find yourself in a protocol sniffing situation where you wish you had the ability to sneak a peak at a TCP stream as it happens? Do you find Wireshark--while certainly a powerful and robust tool--too clunky for quick protocol analysis? Do you have a need to intercept, pause, modify, and resend TCP streams? If so, the folks from Matasano have released the perfect tool for you!
Introducing the Matasano Port Forwarding Interceptor! Simply run the tool from a command line and it builds you a lightweight proxy, allowing you to read, record, pause, intercept, and modify a TCP conversation mid-stream. The tool is simple to use; you picking your remote and local addresses and ports, the tool will bring up two windows--one for viewing and halting traffic, one for editing local and remote traffic. The tool is really simple to use, easy to understand, and it gets the job done.
One of the side effects of working with database driven software is that you eventually find yourself needing to pull in large amounts of information from old and terrible systems. When talking to your counterparts on the other side of the line (the inter-company line, that is), you will invariably be told that you will only receive your data in one of a few straightforwardformats. What follows is a small extension to Python's CSV object which streamlines the process of coding these data transformations.
As my knowledge of Python continues to grow, I find myself using it more in my own systems. This is one of my more useful snippets of code; it allows a Python script to continue running as a daemon even if you log out or your session gets disconnected. A nice side effect of this is that the process is immediately run in the background, returning the user to a command prompt instantly.
I recently came across this job posting in the The Scripts Developer Network forums. It has an interesting brain teaser as a requirement for applying. The brain teaser was stated as: "What is the exponent of the largest power of two whose base seven representation doesn't contain three zeros in a row?" The only stipulation was that the applicant use Python to solve the problem.
