Whitelist Entire Country with ipset

Goal: Whitelist an Entire Country with ipset For this article i’ll be referencing the github repository I set up at

https://github.com/ssstonebraker/braker-scripts/tree/master/working-scripts/ipset We have a few files there, specifically: * cidr_to_ipset.sh (a script to create an ipset ruleset) * Some example CIDR blocks for Italy (IT.txt), Spain (ES.txt), Great Britian (GB.txt), USA (US.TXT) * sample_firewall.txt (example . . . → Read More: Whitelist Entire Country with ipset

barnyard2 won’t log to database – how to fix it

What to do when barnyard2 won’t log to the database….

Are you seeing something like this?

[SignatureReferencePullDataStore()]: No Reference found in database …

Full text:

# /usr/local/bin/barnyard2 -c /etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/barnyard2/barnyard2.waldo Running in Continuous mode –== Initializing Barnyard2 ==– Initializing Input Plugins! Initializing Output Plugins! Parsing config file “/etc/barnyard2.conf” +[ Signature . . . → Read More: barnyard2 won’t log to database – how to fix it

Mandiant Highlighter – Log and Text File Viewer Review

Product Review - Mandiant Highlighter

Today we are looking at Mandiant Highlighter; Log and Text File Viewer

Product home page can be found here

Cost: Free!

Overview

MANDIANT Highlighter is a log file analysis tool. Highlighter provides a graphical component to log analysis that helps the analyst identify patterns. Highlighter also provides a number of features aimed at . . . → Read More: Mandiant Highlighter – Log and Text File Viewer Review

Command Line TCPDUMP windows

Using TCP DUMP on windows

This will cover how to use command line TCPDUMP on Windows.

Software Windump Winpcap Examples windump.exe -Ap -s65535 port 80 > c:\example_dump.txt

hash windows files against known good set

Let’s say you wanted to hash windows files against a known good set of hashes.

Here’s how to do it!

Required Tools md5deep nsrlquery

You’ll also need a server to query against.  Luckily Kyrus has provided a nsrlserver (beta), known as the Kyrus NSRL Lookup Service!

 

What’s nsrlquery?

nsrlquery is an umbrella project that’s home to . . . → Read More: hash windows files against known good set

hash windows shell extension

looking for a hash windows shell extension?  Hashtab is probably one of the best.

 

HashTab provides OS extensions to calculate file hashes. HashTab supports many hash algorithms such as MD5, SHA1, SHA2, RipeMD, HAVAL and Whirlpool. HashTab is supported as a Windows shell extension and a Mac Finder plugin. HashTab provides an easy way to verify file integrity and authenticity

 

. . . → Read More: hash windows shell extension

Honeynet honeywall howto

Honeynet/Honeywall Implementation

Routing of malicious traffic and forensic analysis

Steve Stonebraker

11/22/2010

 

A detailed implementation of a full interaction honeypot and honeywall in a virtualized VMWare environment is presented.   The benefits and drawbacks of this type of this type of implementation are explained.  The importance of proper . . . → Read More: Honeynet honeywall howto

detect mac flashback

to detect the mac flashback virus (courtesy of cnet.com)

How does it work?

The Flashback malware injects code into applications (specifically Web browsers) that will be executed when they run, and which then send screenshots and other personal information to remote servers.

First step: Exploiting Java When you encounter the malicious Web page containing the . . . → Read More: detect mac flashback

ossec clear database

To delete all currently stored alerts and related data in the ossec database execute these commands in

MySQL Editor:

truncate table alert; truncate table data;

Bash Script: #!/usr/local/bin/bash # #Stop ossec, remove old alerts, start ossec

echo “stopping ossec”

/var/ossec/bin/ossec-control stop

echo ‘TRUNCATE TABLE `alert` ;’ | mysql ossec . . . → Read More: ossec clear database