Lucas Sweany
Security Analyst, System Administrator, Coder
This is the home for information on many of my personal projects. I thoroughly enjoy Linux system administration and programming in Perl, Bash, and Python. I excel at system glue and automation. Puppet and RPMs are good friends of mine. Tinkering and breaking things to see how they work are my bread and butter. Here are some of my experiments...
Work Experience
2017 - Present Security Architect at Pure Storage
2012 - 2017 Principal Security Analyst at Qualys
2008 - 2012 Security Analyst III at Monterey County ITD
2007 - 2008 Systems Programmer Analyst at Monterey County ITD
2006 - 2007 IT Support Tech II at Monterey County ITD
2001 Web Security Advisory Board member at University of California at Davis Extension
1999 - 2007 Systems Administrator at Om Networks
1998 Technical Support at Mother.com Internet Services (now known as Cal.net)
Certifications
GIAC Badges, GIAC directory
2022 GIAC Defensible Security Architecture (GDSA)
2019 SANS FOR518 - Mac and iOS Forensic Analysis and Incident Response
2017 GIAC Continuous Monitoring Certification (GMON)
2016 GIAC Certified Forensic Analyst (GCFA)
2015 GIAC Certified UNIX Security Administrator (GCUX)
2014 GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
2012 GIAC Penetration Tester (GPEN)
2010 GIAC Certified Incident Handler (GCIH)
2009 GIAC Certified Intrusion Analyst (GCIA)
2005 CompTIA Network+
2004 CompTIA A+
Personal
- Astrophotography
- Landscape Photography
- RC aircraft operation and repair
- Active Member of the Cal-Aggie Marching Band-uh! 1996-2001
Born 1978 in Chico, California
Graduated Paradise High School 1996
EE Major at UC Davis 1996-1999
Personal
github: https://github.com/sweany
H@X0RBB | (2000-2012) Perl FastCGI web forum that uses a MySQL database.
eaglepoll | (2015) Grab smart meter metrics from a Rainforest Automation base station and pipe them to RRD and syslog.
wemopoll | (2014) Actively scan for WeMo Insight switches and grab the power metrics from them.
wdsniff | (2013) La Crosse TX60U sniffing.
lsflow.pl | (2012) Capture flow data on a local interface.
httplog | (2011) Sniff HTTP requests off the wire and pipe them to syslog.
protolag.pl | (2011-2012) Passively measure packet latency on a local interface.
webgal.cgi | (2011-12-12) Tag-based image gallery; automatically generates thumbnails and tags based on EXIF image attributes.
winfw2el | (2010-07-05) A Perl application that puts firewall drops into the Windows Application Event Log.
SLFilter.pl | (2010-03-18) A Perl/Tk application to monitor syslog messages.
sshwatch | (2010) Watch syslog for failed logins and reflexively block attackers with firewall rules (no project page currently).
dshieldsubmitter.pl | (2007) Parse firewall drop messages from iptables (Linux), ipfw2 (FreeBSD), and the Windows XP firewall; format and submit them to dshield.org.
UPS Hacking | (2005-10-25) Decoding USB signals from my APC Back-UPS XS 1000.
EXIF Tools | (2010) A couple of scripts to work with the EXIF data automatically stored in digital camera pictures.
Depth of Field Calculator | (2005) A depth of field calculator for my HP 48G, also a J2ME version for my Motorola i730 mobile phone.
bookmarks.pl | (2003-2004) A personal portal for favorite web sites (I hate web browser bookmarks!) (no project page currently).
webgal.cgi | (2003-04-23) A photo gallery program that automatically generates thumbnails (no project page currently).
FindMedia | (2003) Gobble media from the web.
batchresolve | (2003) A massively parallel DNS resolver (no project page currently).
counter-stats | (2001) Parse Counter-Strike (and other Half-Life based games) logs and produce statistics for the web (no project page currently).
this web site | Constantly under construction.
Professional
syslogmgr | (2012) Perl/Tk tool to assist in managing syslog forwarding agents on hundreds of Windows servers (no project page currently).
findcap | (2011) Parse a large directory tree of pcap capture files to find packets matching the specified time range and BPF (no project page currently).
fastflux_alert | (2011) Alert on DNS traffic whose entropy is not consistent with normal day-to-day queries (no project page currently).
grabird | (2011) Batch file to remotely retrieve Windows system vitals commonly needed for malware incident response; no external dependencies (no project page currently).
proxylog | (2010) Sniff HTTP requests from the wire using httpry; format them and forward them to a log server using netcat (no project page currently).
tkresolver | (2010) Supply an arbitrary list of hostnames and/or IP addresses; output the results of DNS resolution, ping, nbtstat, psloggedon, and dsquery for AD membership (no project page currently).
omorders | (2003-2007) Customer tracking, trouble ticketing, and automatic provisioning for DSL, virtual hosting, and other services (no project page currently).
omcalendar | (2005) PHP calendar to assist with scheduling customer installs and employee availability (no project page currently).
squidalyze | (2003-2004) Analyze logs from Squid proxies (no project page currently).
dnsvh | (2003) Automatically provision new web sites and DNS zones for Windows 2000 DNS and IIS 5 (no project page currently).
trip | (2003) A file integrity checker (no project page currently).
Relay-After-POP | (2002) Allow relaying in sendmail from any IP address after authenticating via POP3.
FormMail | (2002) E-mail the contents of a web form.