OpenCanary

I love honeypots and wanted to give OpenCanary a shot because I kept hearing how cool it was. It's written in Python, and very easy to configure and extend. The idea is to stick these in various places in your network with fake services similar to what's around them. In Read more…

DNS and ICMP Tunneling

Getting around protections with tunnels is very easy, but there are things you can do to detect and prevent them. A few are outlined at the bottom of this post.

DNS Tunneling: First you need to set up DNS. Create an A record for the tunnel server, e.g. 'lab.yourdomain.com'. Then Read more…

Bro 2.5.1 and ELK

Software versions:

Bro 2.5.1 on Debian 8.9 (bro server)
Logstash 2.2.4 on Debian 8.9 (bro server)
Elasticsearch 2.4.6 on Debian 8.9 (ELK server)
Kibana 4.3.0.9369 on Debian 8.9 (ELK server)

First install Java on both systems:

sudo add-apt-repository -y ppa:webupd8team/java
sudo apt-get update
sudo apt-get -y install oracle-java8-installer

Read more…