Flex VPN Reference

Only IKEv2. Unified config. Scalable. Server/Client. CA Server recommended.
Prereq 1 – CA Server/Client:
Server:
ip domain-name cisco.com
crypto key generate rsa modulus 1024
ip http server
crypto pki server CA
crypto pki trustpoint CA
issuer-name O=CISCO L=SanJose C=US
grant auto
sh crypto pki certificates
Client:
ip domain-name cisco.com
crypto key generate rsa modulus Read more…

GetVPN Reference

Does not support IKEv2. Only IKE v1. Does not have an overlay routing protocol or tunnel. Encrypts data in the underlay itself. Since there’s no overlay tunnel you don’t need additional subnets created. Centralized policy management. Policies in one place and pushed to all clients. The Keyserver. Components: - GM (Group Member) - KS Read more…

Bro 2.6 and FreeBSD

Using FreeBSD 12 RELEASE disc1: https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.0/ Once the system is up, install the packages below.
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.0-RELEASE/src.txz
# tar -C / -xzvf src.txz
# portsnap fetch && portsnap extract
# pkg update -f && pkg upgrade && pkg install -y open-vm-tools sudo vim htop py27-pip git netmap lua51 gmake gzip bro
Additional system Read more…

CALDERA

The folks at MITRE have created yet another awesome tool.  CALDERA uses the ATT&CK model to simulate adversary behavior. It’s a great way to generate logs for hunting, or see how your detection stacks up.  Here’s how I got it going. I pretty much just followed along with the instructions Read more…

Forensic Challenge

Information: A user reported strange computer activity to their support staff. Support was so good that the first thing they did was to snap a memory image before the computer was rebooted. Once the technical staff acquired the memory, they were also able to grab an image of the system Read more…

Opencanary

I love honeypots and wanted to give opencanary a shot cause I kept hearing how cool it was.  It’s written in python, and very easy to configure and extend. The idea is to stick these in various places in your network with fake services similar to what’s around it.  In Read more…

DNS and ICMP Tunneling

Getting around protections with tunnels is very easy, but there are things you can do to detect and prevent them.  A few are outlined at the bottom of this post. DNS Tunneling: First you need to set up DNS.  Create an A record for the tunnel server, e.g. ‘lab.yourdomain.com’.  Then Read more…

Bro 2.5.1 and ELK

Software versions: Bro 2.5.1 on Debian 8.9 (bro server); Logstash 2.2.4 on Debian 8.9 (bro server); Elasticsearch 2.4.6 on Debian 8.9 (ELK server); Kibana 4.3.0.9369 on Debian 8.9 (ELK server).
First install Java on both systems:
sudo add-apt-repository -y ppa:webupd8team/java
sudo apt-get update
sudo apt-get -y install oracle-java8-installer
Read more…