tail -f security.log

cool tools

Zeekurity Zen – Part II: Zeek Package Manager

Zeekurity Zen – Part II: Zeek Package Manager

This is part of the Zeekurity Zen Zeries on building a Zeek (Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Now we’ll introduce the Zeek Package Manager to extend Zeek’s functionality with packages contributed […]

Zeekurity Zen Zeries

Zeekurity Zen Zeries

Zeek (formerly named Bro) is my favorite network security monitoring platform, and I’ve used and promoted it throughout my career.  It generates rich network metadata that’s incredibly valuable for incident response, forensics, and general troubleshooting. For most people, the main challenge with using Zeek is in setting […]

OSM: Open Security Monitoring

OSM: Open Security Monitoring

Introduction I’ve spent most of my career defending environments of all sizes.  What I’ve found is that the job of a defender is much less flashier and thankless as compared to an “ethical hacker.”  While there are volumes of articles, guides, and talks on penetration […]

Seeing Red: The Fun Stuff

Seeing Red: The Fun Stuff

The Fun Stuff: Privilege Escalation, Exfiltration, and Persistence This is part of a series of posts that walk through an attack.  To start from the beginning, click here. In the last post, we successfully exploited our Victim using a client-side attack targeting an old version of Microsoft […]

IP360 Tools: Free For All!

IP360 Tools: Free For All!

Last year, I wrote a couple articles on how to integrate Tripwire IP360 data into Splunk.  These turned out to be very popular, with a number of folks reaching out to me for a copy of my IP360 Tools script that made all the magic […]

Seeing Red: Tools of the Trade

Seeing Red: Tools of the Trade

Seeing Red This is part of a series of posts that walk through an attack. In an ideal world, information security teams are comprised of both a dedicated Red Team (attackers or offensive side) and a Blue Team (incident responders or defensive side).  I’ve never […]

Threat Intelligence: CIF

Threat Intelligence: CIF

Introduction One of the many challenges in information security is collecting, managing, and applying threat intelligence.  Typically, threat intelligence comes from a variety of disparate sources, such as IDS rules (Sourcefire / Emerging Threats), server/application logs, historical breach data, private/public feeds, security appliances…the list goes […]

Incident Response: Carbon Black

Incident Response: Carbon Black

A few months ago I read about an emerging incident response technology called Carbon Black.  At its core, Carbon Black acts as a surveillance camera for a system.  It’s a lightweight sensor that constantly collects process and network information.  More importantly, it shows relationships for […]