Bro 2.6 and FreeBSD

Using FreeBSD 12 RELEASE disc1https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.0/ Once the system is up, install the packages below. # fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.0-RELEASE/src.txz# tar -C / -xzvf src.txz# portsnap fetch && portsnap extract# pkg update -f && pkg upgrade && pkg install -y open-vm-tools sudo vim htop py27-pip git netmap lua51 gmake gzip bro Additional system Read more…

Bypassing Google Fiber

Google doesn’t allow you to bridge their network box so you would have to double NAT and double port forward. Maybe some people are fine with that, but I hate it. Luckily, it’s really easy to bypass. Default: fiber_line –> fiber_to_ethernet_jack –> Google_Network_Box The Google Fiber network box powers the Read more…

AMDGPU Pro on Debian

Ubuntu, RHEL and Suse are now the only “supported” distros when it comes to the proprietary AMD GPU drivers. Historically, nvidia has always had the worst opensource driver for linux, but some would argue the best closed source driver. AMD has been the other way around. Opensource AMD GPU drivers Read more…

CALDERA

The folks at MITRE have created yet another awesome tool.  CALDERA uses the ATT&CK model to simulate adversary behavior. It’s a great way to generate logs for hunting, or see how your detection stacks up.  Here’s how I got it going. I pretty much just followed along with the instructions Read more…

Forensic Challenge

Information: A user reported strange computer activity to their support staff. Support was so good that the first thing they did was to snap a memory image before the computer was rebooted. Once the technical staff acquired the memory, they were also able to grab an image of the system Read more…

Opencanary

I love honeypots and wanted to give opencanary a shot cause I kept hearing how cool it was.  It’s written in python, and very easy to configure and extend. The idea is to stick these in various places in your network with fake services similar to what’s around it.  In Read more…