Seeing Red: Reconnaissance

Reconnaissance: Know Your Target This is part of a series of posts that walk through an attack.  To start from the beginning, click here. In the last post, we got a brief overview of Kali Linux and some of its capabilities.  In this part, we’ll start 

Seeing Red: Tools of the Trade

Seeing Red This is part of a series of posts that walk through an attack. In an ideal world, information security teams are comprised of both a dedicated Red Team (attackers or offensive side) and a Blue Team (incident responders or defensive side).  I’ve never 

Learn Concepts Not Tools

Last week, I attended a week-long TippingPoint (a network-based intrusion prevention system) training class for work.  Nothing particularly exciting, just your typical security vendor training.  What I did find interesting was that the class was comprised of 75% TippingPoint employees, training to be part of TippingPoint’s 

Threat Intelligence: CIF

Introduction One of the many challenges in information security is collecting, managing, and applying threat intelligence.  Typically, threat intelligence comes from a variety of disparate sources, such as IDS rules (Sourcefire / Emerging Threats), server/application logs, historical breach data, private/public feeds, security appliances…the list goes 

Nessus and Splunk

Introduction Inspired by my IP360 and Splunk integration project (here and here), I wanted to do the same for Tenable Nessus.  In a previous role I implemented Nessus + SecurityCenter and for the most part had a positive experience.  The interface was modern and I liked 

Python Scripts

I’m consistently impressed by Python and the power it gives anyone to automate a myriad of tasks.  I encourage all security professionals to learn Python as you have or will more than likely run into a problem that requires some kind of automation.  I got 

BSides Austin 2014

Last month, I attended my first BSides conference in Austin and was excited to see what it was all about.  I wanted to go to the inaugural BSides DC event last year but couldn’t make it.  Having just moved to Austin (you know, like everyone else), 

IP360 and Splunk – Part 2

Introduction In Part 1, I discussed how I thought integrating Tripwire IP360 vulnerability data into Splunk would be a great way to both learn Splunk and create useful and interesting vulnerability reports.  I gave an overview of IP360’s vulnerability scoring system and showed how I