network security monitoring

Installing Splunk: First stop on the road to log analysis

First things first: what is Splunk, and why do I want or need it? The short answer is that Splunk is a data analytics tool that indexes system logs from different machines and appliances so that they are searchable. Data analysis, event monitoring, compliance, and overall management oversight can all be gleaned from this tool. Splunk takes …


Logging Like a Lumber Jack

Turn on any news outlet or visit any news site and you will most likely see an announcement of yet another data breach. On the DTR podcast we discuss breaches in the news during almost every episode. There is a push to put more of an emphasis on identifying and reacting to a breach or …


Professionally Evil: Self Inflicted Injury at Vendor’s Request

It is an unfortunate and still all-too-common finding: administrative interfaces exposed and configured with default passwords. In some cases it doesn’t matter what else you might find, like some sexy injection vulnerability; if I can access your administrative controls and gut your infrastructure, it’s game over and a resume-generating event for …


Defending Against Pass-the-Hash (PtH) Attacks

Pass-the-Hash (PtH) attacks have become probably the most common form of credential attack used in the hacking community. Especially in Microsoft Windows environments, PtH tools are so popular and easy to use that many attackers no longer bother to crack passwords at all. Why waste the time when an administrator’s hash is just as convenient, …


SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority

In this post, I wanted to give something directly to the Blue Teams out there. I also thought I would call us out a bit for sending mixed messages to our users. All too often we find internal websites using invalid SSL certificates when we are on an engagement. Almost every user awareness document or …


Active Defenses?

Active defense, often mistakenly called hacking back, is a common topic thrown around the security space lately. And I think there are a number of reasons for this. Current security technologies are beginning to show significant strain. It seems almost daily there is a breach of another large company or government institution. Many of these companies …


Security Onion @ UTOSC 2012

Shortly before joining Secure Ideas, I spoke on Security Onion and Network Security Monitoring (NSM) at the Utah Open Source Conference 2012. The presentation was aimed at introducing folks to Security Onion and how to get started with it. The demo gods were tempted during the presentation, but I was still able to set up a …

