Blue Team Toolset

Being able to detect an intrusion quickly is incredibly important for mitigating risk to a company. Here are some tools I am currently looking at: The CredDefense Toolkit, Real Intelligence Threat Analytics

Intrusion Prevention Tools

This is a running list of intrusion prevention tools that I am interested in. Host Based Intrusion Prevention: CrowdStrike. From Crunchbase: “CrowdStrike is a cybersecurity technology firm pioneering next-generation endpoint protection, delivered as a single integrated cloud-based solution. CrowdStrike’s Falcon platform stops breaches by detecting all attack types, even malware-free intrusions, providing five-second visibility across...

Whitelist Entire Country with ipset

Goal: Whitelist an Entire Country with ipset. For this article I’ll be referencing the GitHub repository I set up at https://github.com/ssstonebraker/braker-scripts/tree/master/working-scripts/ipset We have a few files there, specifically: * cidr_to_ipset.sh (a script to create an ipset ruleset) * Some example CIDR blocks for Italy (IT.txt), Spain (ES.txt), Great Britain (GB.txt), USA (US.TXT) * sample_firewall.txt (example...

barnyard2 won’t log to database – how to fix it

What to do when barnyard2 won’t log to the database… Are you seeing something like this? [SignatureReferencePullDataStore()]: No Reference found in database ... Full text: # /usr/local/bin/barnyard2 -c /etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/barnyard2/barnyard2.waldo Running in Continuous mode --== Initializing Barnyard2 ==-- Initializing Input Plugins! Initializing Output Plugins! Parsing config file "/etc/barnyard2.conf" +[ Signature...

Mandiant Highlighter – Log and Text File Viewer Review

Product Review – Mandiant Highlighter. Today we are looking at Mandiant Highlighter, a log and text file viewer. Product home page can be found here. Cost: Free! Overview: MANDIANT Highlighter is a log file analysis tool. Highlighter provides a graphical component to log analysis that helps the analyst identify patterns. Highlighter also provides a number of features aimed at...

Check if your Twitter account has been hacked

To check if your Twitter account has been hacked, you can look at the recent pastebin posts ( page 1 | page 2 | page 3 | page 4 | page 5 ) and do a find for your username. Additionally, a number of websites will search all known publicly posted “hacked” lists to see if your email or account...

Hash Windows files against a known good set

Let’s say you wanted to hash Windows files against a known good set of hashes. Here’s how to do it! Required Tools: md5deep, nsrlquery. You’ll also need a server to query against. Luckily Kyrus has provided a nsrlserver (beta), known as the Kyrus NSRL Lookup Service! What’s nsrlquery? nsrlquery is an umbrella project that’s home to...

Hash Windows shell extension

Looking for a Windows shell extension for hashing files? HashTab is probably one of the best. HashTab provides OS extensions to calculate file hashes. HashTab supports many hash algorithms such as MD5, SHA1, SHA2, RipeMD, HAVAL and Whirlpool. HashTab is supported as a Windows shell extension and a Mac Finder plugin. HashTab provides an easy way to verify file integrity and authenticity...

Honeynet honeywall howto

Honeynet/Honeywall Implementation: Routing of malicious traffic and forensic analysis. Steve Stonebraker, 11/22/2010. A detailed implementation of a full interaction honeypot and honeywall in a virtualized VMware environment is presented. The benefits and drawbacks of this type of implementation are explained. The importance of proper configuration of networking, IDS, and management interfaces...