MISP is free and it’s one of the best threat sharing platforms I could find. The beauty of MISP is how easy it is to integrate with tools like bro, Snort, and RPZ. You can do API calls and pull in only the data that you want to either alert Read more
I’ve been comparing SSL decryption services and devices, and Zscaler is much more than that. It’s an all-in-one Content Filtering, SSL decrypting, DLP, Bandwidth controlling(quota), IPS, Malware preventing(including sandbox) awesome cloud based solution. AND, It works with mobile devices even if they’re roaming! The solution consists of GRE tunnels out Read more
Here’s how to install the CA certificate on multiple platforms for MITM. For Linux you have to import certificates into individual browsers. For Firefox, go to edit/preferences/advanced/certificates/view and import the cert under authorities. Check the box for “Identifies Websites.” For Chrome, click settings, search for cert, and open ‘Manage Certificates.’ Read more
Here’s how to generate custom certs and perform a MITM + SSL decryption with bettercap or Squid. MITM with Bettercap. Create a private key, CSR, and Certificate. openssl genrsa -out mitm.key 2048 openssl req -new -key mitm.key -out mitm.csr openssl x509 -req -days 3652 -in mitm.csr -signkey mitm.key -out mitm.crt Read more
Attacker: 172.16.1.10 Victim: 172.16.1.20 Router: 172.16.1.1 Arpspoof method: First enable forwarding on the attacking system. echo ‘1’ > /proc/sys/net/ipv4/ip_forward Poison the ARP table of the router to tell it that you are the victim. arpspoof -i eth0 172.16.1.20 172.16.1.1 Poison the ARP table of the victim to tell it that Read more
Here’s a pfSense setup with a HE tunnel, routed /64 on the inside, and a subnetted out /112 for the VPN. Inside users have dual stack and can surf v4 or v6. Outside users VPN in, and receive an IPv4 and v6 virtual IP. Once in they can route out Read more
Here’s how to configure a pfSense firewall to be a VPN client so IPv4 traffic always traverses the VPN. Build a VM at a cloud provider and configure it as an OpenVPN server. Using a self signed CA, cert, and TLS auth. For pfSense, take the following steps. Cat your Read more
The pfSense page here does a good job of explaining what router advertisements are and some of the settings, but I had to play around to make it work. If you have a flat uncomplicated network at home, the defaults will probably work fine. Clients would pull IPv6 + the default Read more
Here’s how to configure an RPI so that it auto connects to a VPN on boot via PoE. One could connect to it via WiFi and surf over the VPN, and no one will ever know. EVAR! This is for educational purposes only. I’m not responsible for your actions. Get Read more
Got this new XPS 15 9560 and it screams. Dual booting with Win10 for gaming, and Arch as my daily driver. I am absolutely loving it. I really enjoy XFCE, but it has several scaling issues at 4K and I grew tired of it quickly. Gnome3 is working out much Read more
Through my research I came across several scripts and howtos on chrooting, or running openvpn as nobody. They all had issues for me on Arch. Below is a very simple way to run openvpn as a normal non-root user. I have found that this is the most secure method of Read more
1. Install openvpn on OpenELEC: In Kodi select SYSTEM / File Manager Select Add Source / Select None Type http://fusion.tvaddons.ag and select Done Highlight the box underneath and type “fusion” Select OK Go back to your Home Screen and Select SYSTEM Select Add-Ons / Select Install from zip file / Read more
Edit mupen64plus.cfg, set the controller config to 0 (manual) and then set X and Y axis like so: X Axis = “hat(0 Left Right)” Y Axis = “hat(0 Up Down)” Full fightstick configuration: [Input-SDL-Control1] # Mupen64Plus SDL Input Plugin config parameter version number. Please don’t change this version number. version Read more
When installing bro 2.5, you need a gcc version >= 4.8. Here’s how to accomplish this in CentOS 6 if you get errors. First enable the repo by installing this package. yum install centos-release-scl Once completed, this package needs to be installed: yum install devtoolset-3-toolchain And then the new compiler Read more
Not all SD cards are the same. 64 gig on one, is not 64 gig on another. So here’s how to resize and truncate your images so they will fit. First, enable loopback. sudo modprobe loop Then request a free loopback device. sudo losetup -f Create a device. sudo losetup Read more
1. Install prereqs on Debian 8.6 apt-get install libxml2-dev libxslt1-dev python-dev zlib1g-dev python-pycurl python-pip 2. Install libtaxii pip install libtaxii 3. Cron this script to pull different TAXII feeds from hailataxii.com, and convert them into lists that bro can put into the Intel Framework. #!/bin/sh ## TAXII feed script ## Read more
Lots of new features https://www.bro.org/documentation/beta/NEWS.bro.html Installed a test instance on FreeBSD 10.3. pkg install wget swig mkdir /opt wget https://www.bro.org/downloads/beta/bro-2.5-beta.tar.gz tar zxvf bro-2.5-beta.tar.gz ./configure –prefix=/opt/bro && make && make install Get some coffee. I edited /opt/bro/share/bro/site/local.bro and uncommented VLAN logging, Mac logging, and SMB analyzer for testing. I also edited /opt/bro/etc/node.cfg Read more
Apache mod_security can be configured to block OWASP top 10 attacks. Scan me and see. Single server (Debian 8): Install Packages. apt-get install libapache2-mod-security2 service apache2 restart cd /etc/modsecurity/ mv modsecurity.conf-recommended modsecurity.conf Edit modsecurity.conf and enable it “SecRuleEngine On” “SecRequestBodyAccess Off” Grab OWASP Top 10 Rules: git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /opt/OWASP Read more
i3 is a tiled window manager that allows some really cool functionality and customization. Running on Debian 8. Installed the following: sudo apt-get install i3 suckless-tools scrot gmrun terminator nitrogen pip install i3menu set your wallpaper with nitrogen Grab this tray menu. git clone https://github.com/drakmail/snapfly.git $ cd snapfly/package $ ./make_packages.sh Read more