Threathunting with Elasticsearch

All kinds of interesting information can be found using the Elasticsearch API. https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html I find it easier than using Kibana, but Kibana was necessary to figure out the query language. Using the same queries, you can save out results and sort through them. The simplest example would be something like Read more…

Cleared SAA-C02

I started with acloud.guru AWS Certified Solutions Architect Associate course. https://acloudguru.com/course/aws-certified-solutions-architect-associate-saa-c02 If you get the pro subscription, you get access to labs without having to create your own AWS accounts. I think it’s 50 bucks a month, but you may be able to find this on Udemy for cheaper. AWS Read more…

Bro 2.6 and FreeBSD

Using FreeBSD 12 RELEASE disc1https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.0/ Once the system is up, install the packages below. # fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.0-RELEASE/src.txz# tar -C / -xzvf src.txz# portsnap fetch && portsnap extract# pkg update -f && pkg upgrade && pkg install -y open-vm-tools sudo vim htop py27-pip git netmap lua51 gmake gzip bro Additional system Read more…

CALDERA

The folks at MITRE have created yet another awesome tool.  CALDERA uses the ATT&CK model to simulate adversary behavior. It’s a great way to generate logs for hunting, or see how your detection stacks up.  Here’s how I got it going. I pretty much just followed along with the instructions Read more…

Forensic Challenge

Information: A user reported strange computer activity to their support staff. Support was so good that the first thing they did was to snap a memory image before the computer was rebooted. Once the technical staff acquired the memory, they were also able to grab an image of the system Read more…

Opencanary

I love honeypots and wanted to give opencanary a shot cause I kept hearing how cool it was.  It’s written in python, and very easy to configure and extend. The idea is to stick these in various places in your network with fake services similar to what’s around it.  In Read more…