Accessing resources remotely without cumbersome jumpboxes and dealing with restrictive red tape has been a recurring challenge for many. In this blog post, I will introduce a method to seamlessly extend your Wide Area Network (WAN) to the cloud and open inbound ports to a network within a firewall that Read more…
Introduction: Have you ever wanted to test how a system reacts, displays information, or handles attacks by pushing a bunch of PCAP (Packet Capture) files through a router or an Intrusion Detection and Prevention System (IDPS)? In this blog post, we’ll show you an easy and free method to accomplish Read more…
Back to basics. Everything needed to learn ASM is available for free online. Art of ASM book:http://www.plantation-productions.com/Webster/www.artofasm.com/Windows/HTML/AoATOC.html It starts you off with High Level Assembly which is more like a traditional programming language. Towards the end, you’ll switch to actual assembly little endian full on ASM programming. All course files are available Read more…
Say you keep loads of domain indicators in file lists for Bro to consume. If some user hits a bad domain, bro alerts. But you want to auto block the domain. That’s where RPZ could come into play. The domains are all in INDICATOR_DOM flat files like: cat ALINAPOS_DOM adobeflasherup1.com Read more…
This config is working great with the INE R&S 5.0 training. I have a trunk over to 4 physical 3560s. LINK to GNS3 Configs Using c7200-adventerprisek9-mz.152-4.S1.image. The appliance marketplace has grown substantially. https://gns3.com/marketplace/appliances/ Here’s an example with Cisco ISE. asdfasdf
There are many free sites and utilities you can use to learn more about attack vectors. DO NOT RUN THESE IN PRODUCTION. https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project OWASP top 10 scenarios. https://www.hackthissite.org/ Lots of web hacking scenarios. http://www.dvwa.co.uk/ Vulnerable web app. https://github.com/Subterfuge-Framework/Subterfuge/blob/master/README.md easy MITM. Not even fair. Try learning the old ways with Ettercap, Read more…
I needed to be able to extract attachments from SMTP in order to do a poor mans Fireeye type solution. I can then hash the files and submit to virustotal and/or cuckoobox. Create the file “extract-smtp.bro” in your bro $PREFIX/policy/misc/ directory global mime_to_ext: table[string] of string = { [“application/x-dosexec”] = Read more…
Timemachine is a great solution for a full pcap system. Nothing fancy, but extremely good at it’s job. https://www.bro.org/community/time-machine.html #Install EPEL.http://mirror.umd.edu/fedora/epel/6/i386/repoview/epel-release.html sudo yum install cmake swig python-devel byacc kernel-devel libtool subversion automake make autoconf pcre-devel libpcap-devel libpcap flex bison byacc gcc gcc-c++ zlib-devel numactl numactl-devel GeoIP GeoIP-devel gperftools # install Read more…
Timemachine is just raw pacp and while it does integrate with Bro, Moloch’s gui is way waaaaayyy better. Command line is king. 1. Install prereqs yum install cmake make gcc gcc-c++ flex bison l openssl-devel python-devel swig zlib-devel git numactl numactl-devel httpd-tools readline readline-devel 2. Grab timemachine git clone –recursive Read more…
Got a huge JBOD and you would like to RAID them? It’s easy. ####First, figure out what Linux picked up the drives as. fdisk -l > disks.txt cat disks.txt | grep /dev | grep -v Disk ####Then i just copied that into notepad, removed all the “1s” and formatted like Read more…