network security monitoring

Installing Splunk: First stop on the road to log analysis

First things first: What is Splunk and why do I want or need it? The short answer is that Splunk is a data analytics tool that indexes system logs across different machines and appliances so that they’re searchable. Data analysis, event monitoring, compliance, and overall management oversight can be gleaned from this tool. Splunk takes …


Professionally Evil: Self Inflicted Injury at Vendor’s Request

It’s an unfortunate and still too common vulnerability to find administrative interfaces exposed and configured with default passwords. In some cases it doesn’t matter what else you might find, like some sexy injection vulnerability; if I can access your administrative controls and gut your infrastructure, it’s game over and a resume-generating event for …


Defending Against Pass-the-Hash (PtH) Attacks

Pass-the-Hash (PtH) attacks have become probably the most common form of credential attack used in the hacking community. Especially in Microsoft Windows environments, PtH tools are so popular and easy to use that many attackers no longer even bother to crack passwords. Why waste the time when an administrator’s hash is just as convenient, …


SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority

In this post, I wanted to give something directly to the Blue Teams out there. I also thought I would call us out a bit for sending mixed messages to our users. All too often we find internal websites using invalid SSL certificates when we are on an engagement. Almost every user awareness document or …


Active Defenses?

Active defense, often mistakenly called hacking back, is a common topic thrown around the security space lately. And I think there are a number of reasons for this. Current security technologies are beginning to show significant strain. It seems almost daily there is a breach of another large company or government institution. Many of these companies …
