Category Archives: security

Block Command and Control requests using ASA 5500

I recently came across a blog post demonstrating how to use the Emerging Threats rule sets in order to block malware calls to command and control (C&C) hosts. Using the script referenced in the blog post may work fine, but …
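The following is an added example, not the script the post refers to and not anything published by Emerging Threats: it turns a block list in the Emerging Threats text layout (one IPv4 address or CIDR per line, '#' starting a comment) into ASA object-group and access-list configuration that can be pasted into the firewall. The sample list, the group, ACL and interface names are constructed for illustration.

```python
"""Turn an Emerging Threats style block list into Cisco ASA configuration.

Added example (not the script from the post). Assumes the list format is
one IPv4 address or CIDR per line with '#' comments, which is how the ET
text lists are laid out.
"""
import ipaddress

# Constructed sample list (documentation addresses, not real C&C hosts).
SAMPLE_LIST = """\
# Emerging Threats C&C block list -- constructed sample for this example
192.0.2.10
198.51.100.0/25
198.51.100.128/25      # adjacent to the line above, collapses to a /24
203.0.113.5
10.0.0.1               # RFC1918: never push this to the firewall
0.0.0.0/0              # a bad line like this would black-hole everything
not-an-ip
"""

# Ranges a downloaded list must never be allowed to touch, however phrased.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]


def parse_block_list(text, skip_local=True):
    """Return sorted, de-overlapped IPv4 networks from an ET style list."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue                               # junk line, skip it
        if net.version != 4:
            continue
        if skip_local and any(net.overlaps(safe) for safe in NEVER_BLOCK):
            continue                               # would hit local space
        nets.append(net)
    # Merge adjacent/overlapping entries so the object-group stays short.
    return list(ipaddress.collapse_addresses(nets))


def render_asa(nets, group="ET_CNC_HOSTS", acl="inside_access_in",
               interface="inside"):
    """Render an object-group plus an ACL that denies and logs traffic to it.

    Group, ACL and interface names are assumptions for this example.
    """
    lines = ["object-group network %s" % group]
    for net in nets:
        if net.prefixlen == 32:
            lines.append(" network-object host %s" % net.network_address)
        else:
            lines.append(" network-object %s %s"
                         % (net.network_address, net.netmask))
    lines.append("access-list %s extended deny ip any object-group %s log"
                 % (acl, group))
    lines.append("access-list %s extended permit ip any any" % acl)
    lines.append("access-group %s in interface %s" % (acl, interface))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_asa(parse_block_list(SAMPLE_LIST)))
```

Two things to check before pasting the output into a live ASA: the rendered ACL ends with permit ip any any only so the fragment stands alone, so in practice the deny line goes above the existing rules of your inside ACL rather than replacing that ACL; and entries overlapping RFC1918, loopback or multicast space are dropped on purpose, because with skip_local=False the stray 0.0.0.0/0 line in the sample collapses the whole list into a single entry that would deny all outbound traffic.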


Amazon S3 Server-Side Encryption using GSUtil

If you would like to enable server-side encryption, a relatively new feature, for your Amazon S3 data using GSUtil, then you need to specify the header value when pushing files to Amazon's cloud: $ gsutil -h "x-amz-server-side-encryption: AES256" cp …


Block IRC and other communications with McAfee VirusScan

After taking a peek at some of McAfee's logs I decided to try mucking about with some of the Access Protection functionality, specifically IRC communication. I noticed there were a number of useful entries that could be sent to log or …


Variance in rwfilter results from netflow v5 and YaF

Looking over some NetFlow data I noticed some variance between the two sensors. Sensor s0 is v5 NetFlow data from a Cisco switch; s1 is from a network tap listening between a Router on a Stick and said Cisco switch. …
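One way to tell whether such variance is real traffic loss or just the two sensors splitting connections differently, as an added example that is not from the post: NetFlow v5 on the switch cuts a long connection at its active timeout, and YAF emits records on its own idle and active timers, so record counts differ even when both sensors saw every packet. Summing packets and bytes per uniflow 5-tuple and per sensor removes that effect; whatever remains is either traffic one sensor never saw (tap position, or the switch not exporting an interface) or packets dropped on the capture path. The input is assumed to be rwcut output with --delimited=, using the short column titles rwcut prints (pro, sen); the records themselves are constructed.

```python
"""Compare per-flow totals from two SiLK sensors to find real variance.

Added example, not part of the original post. Input is assumed to be
rwcut output in delimited form ('--delimited=,') with the column titles
rwcut prints; adjust KEY/SENSOR if your SiLK version names them differently.
"""
import csv
import io
from collections import defaultdict

# Constructed records: one HTTP session seen by both sensors. s0 (NetFlow
# v5 from the switch) split the client->server side at its active timeout;
# s1 (YAF on the tap) is missing 20 packets of the server->client side and
# is the only sensor that saw a DNS query.
SAMPLE_RWCUT = """\
sIP,dIP,sPort,dPort,pro,packets,bytes,sen
192.168.1.20,198.51.100.7,51234,80,6,120,9600,s0
192.168.1.20,198.51.100.7,51234,80,6,30,2400,s0
198.51.100.7,192.168.1.20,80,51234,6,200,250000,s0
192.168.1.20,198.51.100.7,51234,80,6,150,12000,s1
198.51.100.7,192.168.1.20,80,51234,6,180,225000,s1
192.168.1.21,198.51.100.9,40000,53,17,1,64,s1
"""

KEY = ("sIP", "dIP", "sPort", "dPort", "pro")   # uniflow 5-tuple
SENSOR = "sen"


def aggregate(text):
    """Sum records, packets and bytes per (5-tuple, sensor).

    Summing per 5-tuple hides the difference in how each sensor chops a
    connection into records, which is expected and not a data problem.
    """
    totals = defaultdict(lambda: [0, 0, 0])    # records, packets, bytes
    for row in csv.DictReader(io.StringIO(text)):
        key = tuple(row[f].strip() for f in KEY)
        t = totals[(key, row[SENSOR].strip())]
        t[0] += 1
        t[1] += int(row["packets"])
        t[2] += int(row["bytes"])
    return totals


def compare(text, a="s0", b="s1"):
    """Return {5-tuple: (packets_a, packets_b, bytes_a, bytes_b)} for every
    flow whose totals differ between sensors a and b, including flows only
    one of them saw (the other side reports 0)."""
    totals = aggregate(text)
    diffs = {}
    for key in sorted({k for (k, _sensor) in totals}):
        ta = totals.get((key, a), [0, 0, 0])
        tb = totals.get((key, b), [0, 0, 0])
        if ta[1:] != tb[1:]:
            diffs[key] = (ta[1], tb[1], ta[2], tb[2])
    return diffs


if __name__ == "__main__":
    for key, (pa, pb, ba, bb) in compare(SAMPLE_RWCUT).items():
        print("%s:%s -> %s:%s proto %s: s0 %d pkts/%d bytes, s1 %d pkts/%d bytes"
              % (key[0], key[2], key[1], key[3], key[4], pa, ba, pb, bb))
```

To run it on real data, pipe something like rwfilter --sensors=s0,s1 --start-date=... --proto=0-255 --pass=stdout | rwcut --fields=sIP,dIP,sPort,dPort,protocol,packets,bytes,sensor --delimited=, into compare (an assumed invocation; check the selection switches of your rwfilter build). The key above is a uniflow key, which matches what YAF produces when started with --silk, since that option makes it split its biflows into the uniflows SiLK stores. A flow with zeros on the s0 side usually means the switch was not exporting that interface; lower packet counts on the tap side point at SPAN oversubscription or a tap that only passes one direction.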


Configure YAF on Linux for NetFlow collection from a network tap or SPAN

In a previous post SiLK was set up on a Debian host using NetFlow v5 from a Cisco switch. This worked well, but I also have a network tap, and said Cisco switch is capable of capturing data via SPAN port(s). …


Configure SiLK on Linux for NetFlow collection from a Cisco router

This guide walks through configuring SiLK from a source install on a Debian 6 host in order to collect NetFlow data from a Cisco router. The guides here and here written by CERT NetSA are quite good but lack some …
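An added example to go with this post and the YAF post above, not taken from the CERT NetSA guides or from the author's own setup: a sensor.conf for rwflowpack that defines both collection paths, a NetFlow v5 probe for the Cisco export and an IPFIX probe for YAF. The ports, the exporter address and the internal address block are assumptions.

```conf
# sensor.conf for rwflowpack: two sensors, one per collection method.
# Added example; ports, hosts and address blocks are assumptions.

# s0: NetFlow v5 pushed by the Cisco device over UDP
probe s0 netflow-v5
    listen-on-port 9995
    protocol udp
    accept-from-host 192.168.1.1
end probe

sensor s0
    netflow-v5-probes s0
    internal-ipblocks 192.168.0.0/16
    external-ipblocks remainder
end sensor

# s1: IPFIX from YAF, which reads the tap or SPAN interface on this host
probe s1 ipfix
    listen-on-port 18001
    protocol tcp
    accept-from-host 127.0.0.1
end probe

sensor s1
    ipfix-probes s1
    internal-ipblocks 192.168.0.0/16
    external-ipblocks remainder
end sensor
```

Both sensor names must also be declared in silk.conf before rwflowpack will accept this file (rwflowpack --sensor-configuration=/path/to/sensor.conf, plus the usual root-directory and logging options). The exporter side for s1 is then yaf --in eth1 --live pcap --out 127.0.0.1 --ipfix tcp --ipfix-port 18001 --silk, where eth1 is the interface cabled to the tap or SPAN port (assumed); --silk makes YAF export uniflows the way SiLK stores them. Keep the internal-ipblocks identical on both sensors: they decide whether SiLK files a record as in or out, and if they differ the same traffic lands in different types and the two sensors can no longer be compared like for like.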


Running *NIX Retina and Nessus vulnerability scans with least privileges

When you are running vulnerability scans of Linux and UNIX hosts, I hope that you are following best practices for keeping the host secure during the process. Both Retina and Nessus rely upon SSH in order to connect to …


Blocking evil with the Enhanced Mitigation Experience Toolkit EMET

While experimenting with EMET I decided to put together a little presentation demonstrating how it can be used to prevent exploitation of a known threat to Acrobat Reader. The presentation first demonstrates the exploit using Metasploit, provides some high level …


Insecure Library Loading Could Allow Remote Code Execution

Note: this is an older post that I am migrating from another blog I previously maintained. Metasploit has already provided a nice write-up of pwning, I mean testing, the vector: http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html. It does involve a bit of prep …


Keeping your hardware safe and avoiding the evil maid

This installment is about keeping your notebook and other technology items safe. I was recently asked what the Defcon locks were for that I have been distributing with the new notebooks. I jokingly said to keep people from taking your …
