Another year, another SANSFIRE picture.
I wasn't there for the 2009 mass handler picture, but I did give a SANS@Night talk.



and not the famous "shoes" picture

From SANSFIRE 2007:


This is a group of us that got together to watch fireworks the evening before the conference began. Left to right: Lorna, Johannes, Swa, me, Marc Sachs, and Mike Poor. And below, we have the infamous "handlers in leather jackets" picture.

And, of course, here is the picture from SANS NS2004 in Las Vegas.

That would be (from left to right) Johannes Ullrich, Dan Goldberg, Tom Liston, Brian Granier, me, Marc Sachs, and Koon Yaw Tan.


I also happen to be a pilot, so here is a picture my daughter took as we were coming in for a landing at the airport from which I do most of my flying.

My son got his license the day after I got my instrument rating, so here we have the two pilots in the family.


I've written a little perl script (yes, I know it doesn't do much) that takes a stream consisting of the server->client side of an HTTP conversation and strips off the HTTP headers. I use it to extract files downloaded during web sessions when I have a pcap capture of the session. The script is here.

And, in doing malware analysis, I like to have some idea of the packer being used. I like PEiD, but it is Windows only and isn't command-line so it is difficult to script. After I saw a posting about Ero Carrera's pefile, I decided he had already done the hard work, so I wrote packerid.py which uses a peid database like this one (updated 2009-05-15 16:00 UTC) or Neil's collection (note new location) or this one from Panda. Mine includes a few additional signatures or changes that I've found recently. I've been in contact with Neil about getting them merged back into his and/or released with PEiD itself.
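To show the matching that a PEiD-database-driven identifier does, here is an added example (mine, not packerid.py and not Ero Carrera's pefile): it parses a small constructed userdb-style database and checks `ep_only` signatures against entry-point bytes and the rest against the whole image; the entry-point bytes and image are constructed stand-ins for what pefile would supply.

```python
import re

# Constructed sample in PEiD userdb.txt format (entries are shortened /
# made up for this demo; not one of the databases linked above).
SAMPLE_DB = """
[UPX-style stub (constructed)]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF EB 10
ep_only = true
[MSVC-style prologue (constructed)]
signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00
ep_only = true
[DOS stub text (constructed)]
signature = 54 68 69 73 20 70 72 6F 67 72 61 6D
ep_only = false
"""

def sig_to_regex(sig):
    """Turn 'AA BB ?? CC' into a bytes regex; '??' is any single byte."""
    parts = [b'.' if tok == '??' else b'\\x%02x' % int(tok, 16)
             for tok in sig.split()]
    return re.compile(b''.join(parts), re.DOTALL)

def parse_peid_db(text):
    """Parse a PEiD database into a list of (name, regex, ep_only)."""
    sigs, name, rx, ep_only = [], None, None, True
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):      # ';' starts a comment
            continue
        if line.startswith('[') and line.endswith(']'):
            if name and rx:
                sigs.append((name, rx, ep_only))
            name, rx, ep_only = line[1:-1], None, True
        elif '=' in line:
            key, val = (s.strip() for s in line.split('=', 1))
            if key.lower() == 'signature':
                rx = sig_to_regex(val)
            elif key.lower() == 'ep_only':
                ep_only = val.lower() == 'true'
    if name and rx:
        sigs.append((name, rx, ep_only))
    return sigs

def identify(sigs, ep_bytes, image):
    """ep_only signatures must match at the entry point; the others are
    searched through the whole mapped image.  Returns matching names."""
    return [name for name, rx, ep_only in sigs
            if (rx.match(ep_bytes) if ep_only else rx.search(image))]

# With pefile these would be: pe = pefile.PE(path);
# image = pe.get_memory_mapped_image(); ep = pe.OPTIONAL_HEADER.AddressOfEntryPoint;
# ep_bytes = image[ep:ep + 64].  Constructed stand-ins for a packed file:
EP_SAMPLE = bytes.fromhex('60BE00A040008DBE0070FFFF5783CDFFEB109090')
IMAGE_SAMPLE = b'MZ\x90\x00' + b'\x00' * 60 + b'This program cannot be run in DOS mode'
```

Running `identify(parse_peid_db(SAMPLE_DB), EP_SAMPLE, IMAGE_SAMPLE)` reports the UPX-style stub (matched at the entry point) and the DOS stub text (found anywhere in the image), but not the MSVC-style prologue.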

And here is a little script that I threw together to gather some whois and DNS info on IP addresses that may be involved in malicious activity. Here is ip-as-geo.pl (updated: 2014-01-11).

Here is a script I wrote to parse out DNS queries and responses from a pcap: dumpdns.pl.

And, here are the tools that I've written or updated to handle IPv6 traffic. Note, the NetPacket-0.43.2.tar.gz is the version required by pngrep.pl. The current version in CPAN will not work and I haven't had time to fix my code to work with the newer version. Sorry.


Here are the slides from my SANSFIRE2009 talk and the tools/scripts/patches can be found here.
Here are the slides from my Nashville ISSA talk 2006.

And, finally, my ISC PGP/GPG key can be found here.

Well, okay, here is my real final word.

