I started with acloud.guru AWS Certified Solutions Architect Associate course. https://acloudguru.com/course/aws-certified-solutions-architect-associate-saa-c02 If you get the pro subscription, you get access to labs without having to create your own AWS accounts. I think it’s 50 bucks a month, but you may be able to find this on Udemy for cheaper. AWS Read more
Using FreeBSD 12 RELEASE disc1https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.0/ Once the system is up, install the packages below. # fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.0-RELEASE/src.txz# tar -C / -xzvf src.txz# portsnap fetch && portsnap extract# pkg update -f && pkg upgrade && pkg install -y open-vm-tools sudo vim htop py27-pip git netmap lua51 gmake gzip bro Additional system Read more
In today’s evolving threat landscape, large organizations must leverage the power of open-source security solutions to protect their networks. This post will explore a real-world example of how a security operations center (SOC) implemented several open-source tools and platforms to detect and respond to sophisticated threats. Deployment of Intrusion Detection Read more
Google doesn’t allow you to bridge their network box so you would have to double NAT and double port forward. Default: fiber_line –> fiber_to_ethernet_jack –> Google_Network_Box The Google Fiber network box powers the fiber to Ethernet jack via Power over Ethernet. You need a PoE injector unless you have a Read more
Ubuntu, RHEL and Suse are now the only “supported” distros when it comes to the proprietary AMD GPU drivers. Historically, nvidia has always had the worst opensource driver for linux, but some would argue the best closed source driver. AMD has been the other way around. Opensource AMD GPU drivers Read more
When I was first starting out in IT, I had to get Compaq and IBM laptop certifications so I could RMA parts to repair the mountain of systems on my desk. I lost so many screws it isn’t even funny. I always loved the old late 90s IBM laptops for Read more
Let’s say I want to send some spoofed email to a friend of mine to help him test his MTA and I have authorization to do so. I need to do recon and prepare some things before I start sending emails. The first thing is a PTR record for my Read more
Ever had the issue where the source IP is not the source IP? With Suricata and Sourcefire you can view the true client source IP and filter out or alert on it. For example, if there’s some known legit scanner hiding in X-Forwarded-For –generating mountains of false positives– it’s much Read more
Threw together a pres on the easiest way to learn IPv6 I could come up with. IPv6_Pres Enjoy, if you’re into this type of stuff.
The folks at MITRE have created yet another awesome tool. CALDERA uses the ATT&CK model to simulate adversary behavior. It’s a great way to generate logs for hunting, or see how your detection stacks up. Here’s how I got it going. I pretty much just followed along with the instructions Read more
Information: A user reported strange computer activity to their support staff. Support was so good that the first thing they did was to snap a memory image before the computer was rebooted. Once the technical staff acquired the memory, they were also able to grab an image of the system Read more
I love honeypots and wanted to give opencanary a shot. It’s written in python, and very easy to configure and extend. The idea is to stick these in various places in your network with fake services similar to what’s around it. In this case, I have opencanary acting like a Read more
Getting around protections with tunnels is very easy, but there are things you can do to detect and prevent them. A few are outlined at the bottom of this post. DNS Tunneling: First you need to set up DNS. Create an A record for the tunnel server, e.g. ‘lab.yourdomain.com’. Then Read more
Software versions: Bro 2.5.1 – on Debian 8.9 bro server Logstash 2.2.4 on Debian 8.9 bro server Elasticsearch 2.4.6 on Debian 8.9 ELK server Kibana 4.3.0.9369 on Debian 8.9 ELK server First install Java on both systems: sudo add-apt-repository -y ppa:webupd8team/java sudo apt-get update sudo apt-get -y install oracle-java8-installer Read more
There are a number of things needed to stop ARP poisoning properly in a Cisco environment. DHCP snooping Trusted ports Dynamic ARP inspection A filter for static IPs DHCP snooping prevents rogue DHCP servers and is the groundwork for all this. It builds a database of bindings and specifies where Read more
It’s easy to stop Optionsbleed with mod_security, unless you need HTTP OPTIONS on your web server. If you’re using CRS, you can uncomment rule number 900200 in crs-setup.conf. The idea here is to only allow what needs to be allowed, and drop everything else. Of course, if you’re not using Read more
This challenge has two phases. The first one involves creative thinking and research. The second one is live malware and reversing. Instructions and hints are built in. Rules and things you’ll need: 1. You need an isolated environment with a Windows Vista/7/10 VM guest, and a snapshot. On the VM, Read more
Google and others have been working on implementing DNS over HTTPS. https://tools.ietf.org/id/draft-hoffman-dns-over-https-00.html This allows bypass of things like RPZ, DNS blackholes, and other protections. All the more reason to start thinking about SSL inspection. The right to privacy is understandable, but protecting users, assets, and data is more important. This Read more
Struts vulnerable ISOs. https://pentesterlab.com/exercises/s2-045 https://struts.apache.org/docs/s2-045.html – CVE-2017-5638 https://pentesterlab.com/exercises/s2-052 https://struts.apache.org/docs/s2-052.html – CVE-2017-9805 Pentesterlab has over 20 free labs where you can learn some techniques used for some pretty big vulns that happened over the past few years. Pro version is 20 bucks a month. Good to see someone doing this again. Read more
MISP is free and it’s one of the best threat sharing platforms I could find. The beauty of MISP is how easy it is to integrate with tools like bro, Snort, and RPZ. You can do API calls and pull in only the data that you want to either alert Read more