You have three seconds

by Ted Witulski/USA Wrestling

Taken from The Mat

Times have changed. When TV was first introduced to the American culture the popular sit-com at its inception was the Honeymooners. The Honeymooners, in retrospect, is far removed from today’s TV programming. “Pow right in the kisser”, the often delivered line was about the only eye popping excitement from the show. Especially when viewers consider that each of the half-hour Honeymooner shows was filmed with one stationary camera.

Then along came Gunsmoke. It was revolutionary because it used multiple cameras. Of course the multiple camera angles, from three up to seven in the late episodes, are hardly revolutionary anymore. Most football games on television have more cameras covering a single play. From the quarterback’s reception of the snap from center, to the one-on-one battle between the receiver and the d-back, every aspect of a single play is covered quickly.

Have you ever watched a child watch MTV? Eyes barely open, bodies slouched, even when they are interested in the show, they appear disinterested. MTV, long removed from the days of the Honeymooners, has taken TV to a whole new level. Forty years ago teenagers watched the Honeymooners and were satisfied with the lone camera angle. In today’s fast-paced society MTV changes the camera angle on average at least once every three seconds.

The blur of images and sounds is what the coach is up against when organizing a two-hour practice after a long day of school for the students. Every practice is another challenge to sharpen these athletes’ mental edge and draw them deeply into the sport.

Unfortunately, to reach those athletes, it seems you’ve only got about three seconds.

Don’t just throw your arms up in disgust. Each coach needs to recognize the necessity of a well-organized and ever-changing practice routine to keep wrestlers’ attention. The infectious enthusiasm of the start of the new season will eventually dissipate. A practice that always follows the same routine will eventually become monotonous. Always look to make the greatest impact on wrestlers at each practice.

There are many ways the coaches can assure that the impact that they want to have on their team remains strong. USA Wrestling’s National Coaches Education Program encourages coaches to seek out and use a variety of methods in obtaining the attention of its athletes during a season of practices.

Warm-ups often become a routine that varies little throughout the season. The team warm-up sets the tone for the practice. If wrestlers only go through the motions then the risk is that a sub-par warm-up will lead to a disappointing and emotionless practice.

A practice routine shouldn’t just be a tired and slow jog in a circle. There are literally hundreds of ways wrestlers can warm up to start a practice. Encourage the team leaders to take charge in pacing wrestlers through different beginnings of practices. Possibilities might include a warm-up based on crawling drills and tumbling drills. A warm-up for another day might include hopping and jumping drills. A strength building warm-up using buddy carries is another way to get the juices flowing. Coaches that set up a practice with a fun and varied warm-up will capture the team’s attention with greater ease.

Remember that the time coaches have to make an impression on the wrestling team is exceedingly short and unfortunately dictated by a declining attention span. Coaches should front-load the technique that needs to be emphasized. When wrestlers need to learn technique from a coach, often the coach relies on a lecture model that is commonly used in the classroom setting. The danger inherent in this is that kids have gone through a day of classes that similarly have used this format.

When a coach needs to lecture his team on the specifics of technique it is strongly suggested that the coach use visual aids, to help “entertain” the team by holding their attention longer. Coaches will often demonstrate the technique on a wrestler, but other visual aids such as video of a team member in a match using the technique can help hold the team’s attention. Further, the use of a dry erase board gives the wrestlers another way to focus on the technique at hand.

To heighten the impact of the technical demonstration coaches can write a precise phrase on the chalkboard to serve as a backdrop. If the team is learning the importance of moving off the bottom, a coach might write, “COIL UP—YOU’RE A SPRING”. Keep in mind that these wrestlers are the same kids that average better than five hours of television watching a day. It is imperative for coaches to consistently work to capture and hold their attention in practice.

Another common mistake made by coaches is to try to teach too much in that short fifteen to twenty minutes where the wrestlers are tuned in. Don’t try to cover a concept of neutral wrestling and then switch to a reversal technique. If it is necessary to teach both techniques in the same practice separate the technical lectures at different points in the practice. Coaches might even need to go as far as teaching the bottom technique in a different area of the wrestling room as an unconscious way of breaking from the previous technique lecture.

Many studies show that adult learners can keep tuned in at best for 15 to 20 minutes at the start of a class or in this case a practice. During a two-hour practice, coaches should accept and adjust to the fact that their wrestlers’ attention span will have dropped to less than three to five minutes by the end of practice.

When a coach truly considers the message in attention span, late practice live wrestling for extended times such as thirty minutes will have less meaning. Especially late in a practice, wrestlers will need to be constantly refocused on the objective of a drill. Having athletes wrestle live for a long period may serve as a conditioning element, but it will do little to provide the learning needed to improve technique.

The art of coaching wrestling at times will have to bend to the science of today’s society. Attention spans for youth are increasingly short. To help a coach reach the members of his team, he must be prepared to have variety throughout the season. Additionally, coaches should think about how they can effectively instruct their athletes during practices. As we try to sharpen the skills of athletes, we are increasingly on the clock to capture their interest. Coaches no longer plan practices for the generation that watched the Honeymooners; instead, the youth of today grew up on the ever-changing images on MTV. Work hard and hold the wrestlers’ attention. It’s a tough job. Remember, you’ve got about three seconds.

Article courtesy of Ted Witulski, USA Wrestling and The Mat

Free Training

So I stumbled across a link that has a few free training videos. Then I saw a whole section on a product. I shared it with a few friends and got to thinking: everyone loves free things. What could be better than free training? Ok, a lot of things. But this is still cool. So I am going to post free training sites. If you know of some, please list them also.

http://www.offensive-security.com/metasploit-unleashed/
http://www.offensive-security.com/backtrack-tutorials.php
http://www.offensive-security.com/backtrack-howto.php

Geeks and Fitness

Hmm, geek doesn’t generally make you think of a guy in shape. I grew up being an athlete, but not so much anymore. I have played soccer, was on swim team, basketball, baseball, football (midget, high school, indoor, and flag), wrestling, and track and field (12200 meter, 200×4 relay, shot-put, and discus). Of course I did weight lifting, but I really got into lifting after high school. I did a program called “How to increase your bench press by 50 pounds” by Muscle Media. I ended up putting 60 pounds on my bench in 14 workouts! At this time I was lifting 4 or 5 times a week while taking protein and creatine. At this time I was also playing indoor full contact football.

That was then, and this is now. Now I sit at a desk and work remotely on servers all around the world. My drive is around an hour each way. This puts me back in Lincoln around 6pm. That is enough time to get home at around 6:15pm, make sure my kid is in his Tae Kwon Do uniform, and then to head out at 6:40pm to get to class by 7pm. That lasts till 8pm. Get home around 8:15pm and put the kids to bed. Around 8:30pm I am finally eating dinner. 9pm rolls around and normally I am finally able to kick back.

I have tried to go to a gym in Lincoln around this time but the place was packed at the times I wanted to go.  So now what?  I got a Wii and I found a game called My Fitness Coach.  This is less of a game and more of a customizable workout dvd.  It has you enter a lot of data about yourself (height, weight, age, arm size, chest size, hips, etc.).  You then have to go through some tests such as sitting heart rate and active heart rate and how many of different exercises you can do (sit ups, push ups, squats, etc).  After you set up all this, it helps to build a custom workout program for you.

I am combining this with a site called Daily Burn. This lets you track your food intake and calorie burns. My goal is losing 35 pounds and being able to easily run a mile. We will see how it goes.

Monitoring the Filesystem with Splunk

I have used OSSEC in the past to watch the file system for changes.  When I found that I can have the Splunk agent handle the monitoring itself, I was pretty excited.  Since I would send my OSSEC data to Splunk anyways, it just seemed logical to have Splunk do everything.

In Windows, you need to edit the “c:\program files\Splunk\etc\system\local\inputs.conf” file. Of course your path could be different if you installed it in a different place. There are a lot of options and switches you can use. I went for the simplest set.

[fschange:d:\temp]
recurse=true
pollPeriod=3600

This will monitor the d:\temp folder and all files and folders under it. It will check the system every 3600 seconds (1 hour).

This has helped me keep track of the changes in my servers. I can see when a file was added/deleted/changed (due to the hash) and then look at who was logged in during the period that the file was changed.

Splunk article on the switches and FSCHANGE.
http://www.splunk.com/base/Documentation/4.0.3/Admin/Monitorchangestoyourfilesystem

[fschange:d:\temp]
recurse=true
followLinks=false
pollPeriod=60
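
The polling model behind these stanzas, sketched in Python as an added example (it is not Splunk's implementation and not code from the original post): snapshot the tree, hash every file, and compare against the previous snapshot once per poll period. The function names, parameter names and action labels are assumptions chosen to mirror recurse, followLinks and pollPeriod.

```python
import hashlib
import os
import time

def file_sha256(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root, recurse=True, follow_links=False):
    """Map every file under root to its SHA-256 (None if unreadable)."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=follow_links):
        if not recurse:
            dirnames[:] = []              # stay in the top-level folder
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) and not follow_links:
                continue                  # do not hash through symlinks
            try:
                state[path] = file_sha256(path)
            except OSError:
                state[path] = None        # locked or unreadable: still tracked
    return state

def diff(old, new):
    """Return sorted (action, path) events between two snapshots."""
    events = [("add", p) for p in new.keys() - old.keys()]
    events += [("delete", p) for p in old.keys() - new.keys()]
    events += [("update", p) for p in old.keys() & new.keys() if old[p] != new[p]]
    return sorted(events)

def watch(root, poll_period=3600, **opts):
    """Yield the event list for each poll cycle; runs until interrupted."""
    previous = snapshot(root, **opts)
    while True:
        time.sleep(poll_period)
        current = snapshot(root, **opts)
        yield diff(previous, current)
        previous = current

if __name__ == "__main__":
    # Hypothetical usage: poll the current directory once a minute.
    for events in watch(".", poll_period=60, recurse=True, follow_links=False):
        for action, path in events:
            print(action, path)
```

A file that is created and removed between two polls appears in neither snapshot, which is the practical cost of a long poll period such as 3600 seconds.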

RegEx with Splunk for OSSEC

Thanks to Michael Wilde for the information on RegEx in Splunk.  For those like me who aren’t the best at RegEx, I will show some of the regular expressions I am using for OSSEC.

Server Name
(?i) Location:\s\((?P<FIELDNAME>.*?)\)\s

Windows Event User
(?i) USER: (?P<FIELDNAME>[^:]*);

Server IP
(?i)^[^)]*\)\s+(?P<FIELDNAME>[^-]*)-

Windows Events
(?i)^[^-]*-\s+(?P<FIELDNAME>[^.]*)\.

LogInUser
(?i) Name: (?P<FIELDNAME>\w+)

LogInDomain
(?i) Domain: (?P<FIELDNAME>[^ ]*)[ ]
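
To check what these expressions capture before saving them in Splunk, the added example below (not part of the original post) runs them, with their backslash escapes written out, over one constructed alert line. The sample line, host names and helper names are assumptions; the line is shaped like OSSEC syslog output but is not real data.

```python
import re

# Field extractions from the post, with backslash escapes written out.
# Splunk's FIELDNAME placeholder is kept; each pattern has one named group.
EXTRACTIONS = {
    "ServerName":       r"(?i) Location:\s\((?P<FIELDNAME>.*?)\)\s",
    "WindowsEventUser": r"(?i) USER: (?P<FIELDNAME>[^:]*);",
    "ServerIP":         r"(?i)^[^)]*\)\s+(?P<FIELDNAME>[^-]*)-",
    "WindowsEvents":    r"(?i)^[^-]*-\s+(?P<FIELDNAME>[^.]*)\.",
    "LogInUser":        r"(?i) Name: (?P<FIELDNAME>\w+)",
    "LogInDomain":      r"(?i) Domain: (?P<FIELDNAME>[^ ]*)[ ]",
}
COMPILED = {name: re.compile(rx) for name, rx in EXTRACTIONS.items()}

# Constructed sample alert (not real data), shaped like OSSEC syslog output.
SAMPLE = (
    "Jun 20 10:15:01 ossecsrv ossec: Alert Level: 3; "
    "Rule: 18107 - Windows Logon Success.; "
    "Location: (WEB01) 192.168.10.21->WinEvtLog; user: jsmith; "
    "WinEvtLog: Security: AUDIT_SUCCESS(528): Security: jsmith: CORP: WEB01: "
    "Successful Logon: User Name: jsmith Domain: CORP Logon ID: (0x0,0x5A3F1)"
)

def extract_fields(event):
    """Return {field: value or None} for one raw event."""
    out = {}
    for name, rx in COMPILED.items():
        m = rx.search(event)
        out[name] = m.group("FIELDNAME") if m else None
    return out

def missing_fields(event):
    """Fields whose pattern did not match; worth alerting on in a pipeline."""
    return sorted(k for k, v in extract_fields(event).items() if v is None)

if __name__ == "__main__":
    for field, value in extract_fields(SAMPLE).items():
        print(f"{field:17} {value!r}")
    # Edge case: the WindowsEvents pattern is anchored on the first '-' in the
    # event, so a hyphen in the syslog hostname makes it stop matching.
    hyphenated = SAMPLE.replace("ossecsrv", "ossec-srv")
    print("unmatched with hyphenated host:", missing_fields(hyphenated))
```

An extraction that silently stops matching leaves the field empty in search results, so it is worth testing each pattern against events from every forwarding host.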

******************************************************

Now, to add them…

Open your browser and log in to your Splunk server. In the Search application, type sourcetype="ossec"

or click on “ossec” in the Sourcetypes

You should see a bunch of data from the OSSEC server.  On the left of the main frame of the webpage, there should be a grey down arrow.  Clicking on this I get two options.  You want to select  Extract Fields.

Here is where it gets fun.  Splunk included a graphical RegEx builder based on examples.  I ended up playing with this for a while.  Once you have found the expression you like, click on the Save button.

Name your RegEx and click Save.

Restart your Splunk server.
Once restarted, on the main search page, on the left sidebar click on Pick fields.

Here you can select the fields that will be displayed on the search page.

When you get back to the search page, you will notice the new fields.

OSSEC and Splunk

I have been playing with OSSEC and Splunk. OSSEC is a host-based intrusion detection system (HIDS). Splunk is a log archiving and searching system. OSSEC is open source and multi-platform; you can run it on Linux/Unix and Windows. I am using OSSEC to forward Windows Event Logs to Splunk. Splunk does the searching and correlation. Splunk can do WMI. This would be great since no agent would need to be installed. The problem is that if you have more than 30-50 systems, the amount of time and traffic would cause issues. Using the OSSEC agent, I am able to push the event logs to the OSSEC server. From there the OSSEC server will upload to the Splunk server via Syslog.

Right now I have the servers all talking but I do need to adjust a few things.  Right now Splunk sees all the hosts as the OSSEC server.  I believe I just need to tweak the fields.  The question is how.

Splunk
http://www.splunk.com

OSSEC
http://www.ossec.net

New Wireshark

Wireshark 1.2.0 has been released. This is the new stable release branch of Wireshark and many new and exciting features have been added since 1.0 was released.

In this release

  • Wireshark has a spiffy new start page.
  • Display filters now autocomplete.
  • A 64-bit Windows (x64) installer is now provided.
  • Support for the c-ares resolver library has been added. It has many advantages over ADNS.
  • Many new protocol dissectors and capture file formats have been added.
  • Macintosh OS X support has been improved.
  • GeoIP database lookups.
  • OpenStreetMap + GeoIP integration.
  • Improved Postscript(R) print output.
  • The preference handling code is now much smarter about changes.
  • Support for Pcap-ng, the next-generation capture file format.
  • Support for process information correlation via IPFIX.
  • Column widths are now saved.
  • The last used configuration profile is now saved.
  • Protocol preferences are changeable from the packet details context menu.
  • Support for IP packet comparison.
  • Capinfos now shows the average packet rate.

http://www.wireshark.org/

2 Old Tools and 1 New Tool

Many times you might need to access a system but have been locked out, or the password to access the local system has been forgotten. There are many ways to deal with that.

NT Offline
If you just want to get in quickly you can use NT Offline. NT Offline will allow you to blank/clear or change the password of an existing local account. This boots up into a Linux command line utility. From here you select the drive the OS is on, the path to the config files, and then which account(s) you would like to modify.

fgdump
Being able to change a password is great and all, but what if you need to get the password? fgdump will allow you to dump the LSASS. This will allow you to get the user accounts and their hashed passwords. How to find the password from the hash is another story. You might start by looking at RainbowTables.

KonBoot
This is the new tool. It is getting quite a bit of hype right now. This tool will boot a different kernel of the OS and then load Windows or Linux during the boot. Once you get to the login screen, simply select a local user or a cached user and press enter with no password and you are in. There is not much you can do to the account, but you have access to the machine.

Yes, I know that these can be listed as “hacker” tools. But the “hacker” tools are an administrator’s best friend.

I will post these in the links section also.