en-us https://www.intensedebate.com/users/515625 Comments by tompohl http://tompohl.com/2013/09/10/defcon-21-network-forensics-puzzle-contest/#IDComment882847098 In wireshark, when you follow the TCP stream, you will see a drop-down where "Entire Conversation" is the default selection. Choose the option in the drop-down for the bigger piece of the conversation (172.29.1.50:1024 -> 172.29.1.55:1024 819200 bytes) and the radio button for "raw" and simply choose "Save As..." to output it to a file! Tue, 30 Sep 2014 18:36:30 +0000 http://tompohl.com/2013/09/10/defcon-21-network-forensics-puzzle-contest/#IDComment882847098 http://tompohl.com/2013/09/10/defcon-21-network-forensics-puzzle-contest/#IDComment851440442 Thanks! I've had a lot of fun the last couple years doing it! I hope to make it back again this year. Mon, 7 Jul 2014 15:34:43 +0000 http://tompohl.com/2013/09/10/defcon-21-network-forensics-puzzle-contest/#IDComment851440442 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment649289161 After resuming, what does the following command output 1 line with a pid or 2 lines? ps auxww |grep loginwindow |grep -v grep |awk '{print $2}' If it outputs more than 1 line, it may need to be modified to grab 1 specific pid. Also, if you do fast user switching with another user, that could be causing you the issue. Fri, 24 May 2013 16:07:46 +0000 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment649289161 http://tompohl.com/2012/05/16/hacking-the-nike-fuelband/#IDComment366711859 Nice! That is fantastic work! I was starting to think I was the only one interested in getting at the data! :) Fri, 25 May 2012 00:55:18 +0000 http://tompohl.com/2012/05/16/hacking-the-nike-fuelband/#IDComment366711859 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment297573018 I know it works under Lion. The trick to using launchctl bsexec is to use the PID of loginwindow process of the interactive user. From a ssh session try this: ps auxww |grep loginwindow |grep -v grep |awk ‘{print $2}’ Take the output number from that command (let's say it's 100) and then run the isightcatpture command: launchctl bsexec 100 /path/to/isightcapture image.jpg That should trigger the camera and save an image.jpg file in your current directory. Mon, 20 Feb 2012 23:29:41 +0000 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment297573018 http://tompohl.com/2011/06/26/mud-sweat-and-tears/#IDComment166994277 Geo Caching is a crazy location based treasure hunt of sorts! People place small containers out in the wilderness and register it with geocaching.com and others go and find it. They are hidden literally everywhere all over the world! Mon, 27 Jun 2011 02:08:04 +0000 http://tompohl.com/2011/06/26/mud-sweat-and-tears/#IDComment166994277 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment114468696 The php script wouldn't do much since latest.jpg doesn't exist :) Here, add a second line under the curl line I suggested earlier: curl -T /.locateme/images/taken/$datetime.jpg -u $USER:$PASS $BASEURL/latest.jpg Wed, 8 Dec 2010 11:19:13 +0000 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment114468696 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment114359131 doing an ftp upload via curl would be an easy modification to the go.sh script: Change: /usr/bin/curl -u $USER:$PASS -F uploadedfile=@/.locateme/images/taken/$datetime.jpg $BASEURL/ to: curl -T /.locateme/images/taken/$datetime.jpg -u $USER:$PASS $BASEURL And also change $BASEURL in locateme.conf to something like ftp://mywebhost.com/uploaddir/ The only thing that you'll miss out on is where the php script symlinks the latest image to latest.jpg, but it would at least get the file out to the server! Tue, 7 Dec 2010 22:04:55 +0000 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment114359131 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment114343877 It is in the directory named .locateme (with the '.' on the front). Files/folders in unix/osx that start with a '.' are hidden so they won't show up in Finder, but they are there. If you follow the step-by-step instructions, it should work! Tue, 7 Dec 2010 20:29:55 +0000 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment114343877 http://tompohl.com/2010/11/30/kryptos/#IDComment113787969 If you hand solve the 6 letters that spell BERLIN based upon the keyed vigenere cipher with the same alphabet as the first two parts that would be the 6 letters that would match. If the answer is something like the same cipher but done twice the letters would be wrong but in the same place for the second decryption. Sun, 5 Dec 2010 01:47:18 +0000 http://tompohl.com/2010/11/30/kryptos/#IDComment113787969 http://tompohl.com/2010/06/04/dear-google-you-impress-me/#IDComment78538995 Ha! Indeed! That was a great day :) Fri, 4 Jun 2010 18:42:08 +0000 http://tompohl.com/2010/06/04/dear-google-you-impress-me/#IDComment78538995 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment67415669 Great catch! I've updated the tgz file so anyone else who downloads it will benefit from your find! Mon, 12 Apr 2010 16:03:38 +0000 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment67415669 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment59241071 Which part do you think isn't working? Does it take pictures and place them in /.locateme/images (either its send or taken subfolder)? You won't be able to browse to the /.locateme folder directly from Finder since it is a hidden folder, but you can get there by choosing "Go"->"Go to Folder ..." from the menu in Finder. Mon, 1 Mar 2010 19:39:34 +0000 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment59241071 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment53798310 If you look through my server-side code, you'll see that I make a call out to api.hostip.info to get a rough idea of where the machine is based upon source ip. It is fairly accurate. I was debating about using a service that returned the gps coordinates, but didn't think it would be very accurate because it wasn't taking into consideration BSSIDs of networks physically near by like the iphone or ipod does! Mon, 25 Jan 2010 14:54:23 +0000 http://tompohl.com/2010/01/23/howto-track-your-mac/#IDComment53798310