
Yeah, I'm a little nervous, but it's all my favorite people. Good. More? Yeah, yep. Oh, you guys, I need to memorialize this moment because it's my first talk, so I'm gonna take a picture. Everybody say cheese. Okay, thanks. I'll send that to my mom. So, okay, can you guys hear me okay? Oh, can you guys hear me okay? Is that more raw? Okay.

Hi, I'm Audrey n, and I'm going to talk today about my experience coding against OpenDNS's API in order to learn a new product, as my title points out. So there we go. So my agenda for today is to talk a little bit about who I am, why I am here, and what I tried to accomplish with this project. I'll tell you a little bit about the story of how it happened as well as what I learned, and my hope is that you guys will be inspired to take the plunge and hack away at something new in an effort to learn something cool.

But first, who am I? As Derek Zoolander so articulately pointed out, that's an important question. So my name is Adrian. A colleague of mine recently called me a unicorn because I'm a woman, I work in marketing, I can code, and I like to present. Magical, am I right? But really, my name is Adria and Marek Tagore and I work at OpenDNS. I've been here for three months, and when the BSides proposal time came around I had just started at OpenDNS. I was pretty excited about the Security Graph and all the exciting data that we have access to. So I've been in infosec for about a year right now. I do product marketing at OpenDNS, and before that I did it at WhiteHat Security. In my life I've always been really interested in studying languages. From when I was very young I studied French, Spanish and Italian, but more recently I've become more interested in programming languages, so now I'm trying to learn more of them and apply them. Before I worked at WhiteHat I did user experience design at a financial services company, and in that role we were designing a data visualization platform for stock data, so I got into SQL a little bit to try and access that data and learn a little bit more about it. And then after that I went back to school for my MBA and an MIS degree, where I picked up a little bit of Python and JavaScript. In the years since I graduated I haven't really had a lot of opportunity to use those, so I thought that this would be a really fun project where I could experience applying Python to something really relevant to my work and also, at the same time, learn a little bit about OpenDNS's product and interact with the API.

So, the project. You might be wondering, why does
this chick from marketing give a [...] about an API? Don't you spend all day writing in hyperbole? Well, the truth is I hate hyperbole, so I'm here to keep it real and tell you about what my experience was firsthand. My motivation is coming from a couple of places. On a technical level, I wanted to see what our customers' experience was with our API. I wanted to put myself in their shoes and have a pretty good understanding of what they're going through. On an industry level, I know that the security landscape is changing, and more and more of the tools that security researchers are using are API-based, so I wanted to experience that firsthand. Then on a more personal level, I wanted to dust off my Python knowledge and apply it to something relevant in my real day-to-day life beyond just modules and Codecademy. And I'm going to admit there was a little bit of ego too, because I wanted to prove my technical chops a little bit.

So do you guys remember the Syrian Electronic Army attack on the New York Times? It happened a while back. So I heard about that before I even worked in information security, and it always fascinated me, because from a business perspective I wanted to get an understanding of how a business can protect themselves from having something like that happen. So for this project I wanted to think about DNS hijacking and how a company can prevent that from happening again. The original concept for this project was to create an alert where users from my company would... where there would be an alert created if they're visiting a new domain. If you read the brief, that was what the topic was about. But as it turned out, when I started getting into the data, that wasn't really possible; the way that the data was architected made that way too complicated and beyond the scope of what my abilities were, especially with this time frame. So with the help of my colleagues at OpenDNS we changed the scope a little bit. So the scope of this project is looking at the relationship between a domain and the IP addresses that are associated with it. This is coming from the business case where I have a company, let's say it's Audrey n Enterprises, and maybe I own a hundred domains that all contribute to my business. I want to monitor those hundred domains and know whether those are being associated with new IP addresses, and I want to create an alert so that I can know whether DNS hijacking is going on at my company. So that's the premise of the project.

To give you a little bit more background, who here has heard of OpenDNS? Raise your hand. Okay, how many of you guys know
that we do enterprise network security? You think you should raise your hand? You know it, come on. All right, so I got a story for you. OpenDNS does cloud-delivered network security. We do both intelligence and enforcement, and what makes that possible is this awesome data set. OpenDNS has visibility into over two percent of all the world's internet traffic requests, which is a lot of data. That's 50 billion, with a B, requests every day from 50 million users, every single day. So from my perspective the most fascinating part of what OpenDNS does is have visibility into this data and what we can do with it. So by interacting with the API I can access that in a way that I wasn't able to do before. Oh, in this picture, this is the SEA attack, so this is sort of the inspiration for taking on this project.

So here's a picture of the whiteboard for the initial plan. The end goal was to create something that would be useful for future development, so that I could learn about the API but so that we could also have something that the research team might be able to use and build upon in the future, and also to impress my colleagues, because a lot of them had no idea that I knew how to code or was doing any of this, so that was kind of fun. So the plan that's drawn out here, which I don't expect you to read, was basically to create a list of domains in a text file and to query the Security Graph API for the information about the domain and the IP addresses associated with it. So the first part of the code would read the domain, the second part of the code would run a for loop that would search for each domain in there, and then for each domain it would create a separate text file with the timestamp of when it was run. And then we would run a diff on that, so we would compare the results from the current one and the N minus 1, and write that to another txt file called alert. And then it would involve a cron job so that this was scheduled to occur every day or every hour. So that was the plan.

This is a picture of my GitHub repo. You can see I called this project unicorn after Andrew's name for me. So basically there's a results folder where all the domain names plus the timestamp are stored. Then there's do.py, which is the main document that has the script that does most of the heavy lifting. Then there's job.sh, which is the one that runs the diff and creates the alert. And then there's monitor.txt, which is the file that contains the domain names that I wanted to monitor. So I started the process by picking a list of which domains I wanted to examine, then wrote the script do.py, ran the code locally, which was surprisingly fulfilling, and posted it to GitHub. A little bit of trouble came when I tried to deploy the code on an Ubuntu server and run the script from there. There were a lot of issues with accessibility tokens, all those kinds of things, so I spent a lot of time towards the end of the project troubleshooting that, and it raised a lot of issues that I had never thought about before. So now I'm going to switch gears a little bit and show you the code.
Okay, can you guys see that okay? All right, so this is monitor.txt. So for this example I looked at three domains: CNN, New York Times and Spotify. Then do.py. This is going to be weird. Okay, so I've included comments, notes for myself, so that I would understand what was happening in the code. So at the beginning it opens with the shebang, which is telling you which interpreter to use. I just thought shebang was an exclamation that you use when you're excited about something; I didn't know that it was a thing. And then the next block of code, from lines 4 to 8, that's importing all the modules that we're going to run. Then lines 11 and 12 have the authentication tokens. That's where I ran into some problems when I deployed it to the server. And then the definition DNS DB, that's using the method for making the request to the API, so that's where we actually start talking to the API. Then the next block, from lines 21 to 23, what's happening there is, remember that results folder I showed you on GitHub? That's basically looking for it; if it doesn't exist, it'll create it, and the reason that you do that is so that you avoid having an error. And then line 26 is creating the list of domains. So that's the next block of text; basically it's saying I'm going to read the list of domains that's in monitor.txt and then store that into Python, and then it'll print it to a list called domains. And then in this loop, every time you hit continue you go back to the beginning of the for loop, so this runs for every one of the three domains that I had listed there. Then a timestamp; it's pretty apparent what that was. In this next block, from lines 51 to 64, we're looking at all of the IP information associated with this domain, and that's a lot of information, so what this is really about is honing in and getting the information that is really relevant to us. So in this case we're not really looking at a lot of data points, but you have to go through this process of refining. And then you make sure keys exist, whatever. And then the next block down at 68 to 70, that's going to append a timestamp to each domain when it writes it, when it creates a file. And then it makes two conditions and it checks that the first one is there first, so like where RR type equals A, that means that it has a domain associated with it, which means that it's ruling out new domains, and then it stores it in the RR field. So after this all happens, then the next step is to set the cron job, which we do in job.sh. So this also opens with the shebang, and then you can see here that this is comparing the last results to the current results and then writing that to alert.txt. I'm going to switch back to my presentation if that works. Okay, is that working? Okay.

So, this process. I learned a lot. First of all, I thought that it would be way easier than it was, and it ended up being really complicated, and I depended on the support of a lot of people to help me figure out how to get out of this mess. But it was pretty cool. It was my first time using Terminal, and so even though
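The monitor the talk walks through (read monitor.txt, snapshot each domain's IPs into a timestamped file under results/, diff the newest snapshot against the one before it, write the difference to alert.txt, run it from cron) is small enough to show end to end. The block below is an added example written for this page, not the speaker's do.py or job.sh. It assumes a `lookup` callable that returns the A-record IPs for a domain; in the talk that is a Security Graph API request with tokens, here it is stubbed with constructed data so the whole thing runs offline. It also does the N vs N-1 comparison as a set difference in Python rather than shelling out to diff, and only reports addresses that appeared, since a new IP for a monitored domain is the signal the project was after.

```python
"""Added example (not the speaker's code): offline version of the domain-to-IP
monitor described in the talk.

Assumptions, labelled because they are not from the original script:
  - `lookup(domain)` returns the set of A-record IPs for a domain. In the talk
    this is an OpenDNS Security Graph API call; here it is a stub over constructed data.
  - File layout follows the talk: monitor.txt, results/<domain>_<timestamp>.txt, alert.txt.
"""
import os
import re
import tempfile
from datetime import datetime, timezone

# Constructed sample data standing in for two consecutive runs of the collector.
# The second run shows one monitored domain gaining an address it never had before.
RUN_1 = {"example.com": {"93.184.216.34"}, "example.net": {"93.184.216.34"}}
RUN_2 = {"example.com": {"93.184.216.34", "203.0.113.77"}, "example.net": {"93.184.216.34"}}


def read_monitor_list(path):
    """Read monitor.txt: one domain per line; blank lines and '#' comments are skipped."""
    with open(path) as fh:
        lines = [ln.strip() for ln in fh]
    return [ln for ln in lines if ln and not ln.startswith("#")]


def snapshot(domain, ips, results_dir, when):
    """Write results/<domain>_<timestamp>.txt, one IP per line, sorted so that the
    later comparison does not depend on the order the API returned records in."""
    os.makedirs(results_dir, exist_ok=True)  # the 'create results folder if missing' step
    stamp = when.strftime("%Y%m%dT%H%M%SZ")
    path = os.path.join(results_dir, f"{domain}_{stamp}.txt")
    with open(path, "w") as fh:
        fh.write("\n".join(sorted(ips)) + "\n")
    return path


def latest_snapshots(domain, results_dir):
    """All snapshot paths for one domain, oldest first (the timestamp sorts lexically)."""
    pat = re.compile(re.escape(domain) + r"_\d{8}T\d{6}Z\.txt$")
    names = sorted(n for n in os.listdir(results_dir) if pat.match(n))
    return [os.path.join(results_dir, n) for n in names]


def read_ips(path):
    with open(path) as fh:
        return {ln.strip() for ln in fh if ln.strip()}


def diff_against_previous(domain, results_dir):
    """Compare snapshot N with snapshot N-1. Returns the IPs that appeared;
    an empty set on the first run or when nothing changed."""
    snaps = latest_snapshots(domain, results_dir)
    if len(snaps) < 2:
        return set()
    return read_ips(snaps[-1]) - read_ips(snaps[-2])


def run_once(monitor_path, results_dir, alert_path, lookup, when=None):
    """One scheduled run (what the cron entry would invoke). Returns
    {domain: new_ips} for every domain that gained an address, and appends
    the same findings to alert.txt."""
    when = when or datetime.now(timezone.utc)
    alerts = {}
    for domain in read_monitor_list(monitor_path):
        snapshot(domain, lookup(domain), results_dir, when)
        new_ips = diff_against_previous(domain, results_dir)
        if new_ips:
            alerts[domain] = new_ips
            with open(alert_path, "a") as fh:
                fh.write(f"{when.isoformat()} {domain} NEW_IPS {','.join(sorted(new_ips))}\n")
    return alerts


def demo():
    """Drive two runs over the constructed data in a scratch directory.
    Returns (alerts from run 1, alerts from run 2, alert.txt lines, snapshot count)."""
    with tempfile.TemporaryDirectory() as workdir:
        monitor = os.path.join(workdir, "monitor.txt")
        results = os.path.join(workdir, "results")
        alert = os.path.join(workdir, "alert.txt")
        with open(monitor, "w") as fh:
            fh.write("# constructed watch list\nexample.com\nexample.net\n")
        first = run_once(monitor, results, alert, RUN_1.get, datetime(2024, 1, 1, tzinfo=timezone.utc))
        second = run_once(monitor, results, alert, RUN_2.get, datetime(2024, 1, 2, tzinfo=timezone.utc))
        alert_lines = open(alert).read().splitlines() if os.path.exists(alert) else []
        n_snapshots = len(os.listdir(results))
    return first, second, alert_lines, n_snapshots


if __name__ == "__main__":
    print(demo())
```

To use it for real, replace `RUN_1.get` / `RUN_2.get` with a function that calls the API and returns the A-record IPs, and schedule `run_once` from cron; the first run only establishes a baseline, so the first alerts can appear on the second run at the earliest. One caveat the talk's diff approach shares: a legitimate infrastructure change (new CDN node, migration) also shows up as a new IP, so an alert is a prompt to check, not proof of hijacking.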
I've had a Mac for a long time, like when I was in business school learning how to code we always ran Boot Camp, so I had always used Windows and never used Terminal. So that was pretty cool. Like I said earlier, I was totally stoked about shebangs; that's still my favorite word. And I learned how to create a cron job. This was also my first time using GitHub, so I had created an account back in February but had no clue how to load stuff into it and take it out, so that was pretty exciting. And it was also quite an experience deploying that to the server. In troubleshooting the problems with the server I learned about what a fork is; that was kind of cool. So for you guys that don't know, a fork is when you have an original code base and then you want to test out and experiment with it, so you basically clone it and you can modify it and make sure that it works. So with the Security Graph API, the original code worked only when I was on the OpenDNS network, and when I tried to use it from the server it didn't work. Well, that was fun. Most importantly, I got by with a little help from my friends. It really was a team effort, and I appreciate everyone who helped me get here. So this is my list of people who I'm eternally grateful to for helping me figure this out. This was a super fun project and I learned a lot, so I hope that you guys are inspired to experiment with something new, and don't worry about getting stuck; you'll figure a way out. Thank you guys for your time.