I love honeypots and wanted to give opencanary a shot. It’s written in python, and very easy to configure and extend. The idea is to stick these in various places in your network with fake services similar to what’s around it. In this case, I have opencanary acting like a Read more
Getting around protections with tunnels is very easy, but there are things you can do to detect and prevent them. A few are outlined at the bottom of this post. DNS Tunneling: First you need to set up DNS. Create an A record for the tunnel server, e.g. ‘lab.yourdomain.com’. Then Read more
Software versions: Bro 2.5.1 – on Debian 8.9 bro server Logstash 2.2.4 on Debian 8.9 bro server Elasticsearch 2.4.6 on Debian 8.9 ELK server Kibana 4.3.0.9369 on Debian 8.9 ELK server First install Java on both systems: sudo add-apt-repository -y ppa:webupd8team/java sudo apt-get update sudo apt-get -y install oracle-java8-installer Read more