Splunk Core Certified User Certification – Review

I work in information security and I enjoy everything SIEM related so learning Splunk was a no-brainer for me. Splunk has so many applications that almost any environment can benefit from a Splunk deployment. Whether you are using it as a log management system or creating dashboards for data analytics, Splunk provides a nice framework …

How I Passed the AWS Certified Security – Specialty

Anyone responsible for securing assets in Amazon Web Services may want to pursue the AWS Security Specialty certification. The exam has given me confidence to work at a professional level on any of the domains covered in the exam. What is it? The AWS Security Specialty certification was designed for professionals that currently work in …

LogRhythm Network Forensics at home

LogRhythm is a “NextGen SIEM” that allows much more than log management. They include all the current cyber security acronyms in their SIEM solution such as UEBA, NTBA, SAO, and TLM. I will be focusing on the network traffic and behavior analytics offering called LogRhythm NetMon. LogRhythm NetMon is used to collect inline or mirrored …

VulnWhisperer Ubuntu Server 18.04

Nessus Professional is nice for small-business vulnerability management, but the reporting is lacking until you upgrade to Security Center. VulnWhisperer uses the Elastic Stack to provide scan result summaries that are easy to review and report to management or operations teams for remediation. Impress your C-suite with vulnerability reports using VulnWhisperer. Prerequisites: Ubuntu 18 …

AWS Inspecting with Inspector

Inspector is a tool/service provided by AWS that allows for assessing the vulnerability and compliance posture of instances in your cloud and on-prem environment. One immediate benefit to using Inspector is that no ports need to be opened on the instance to allow for vulnerability and compliance scanning. This keeps the attack surface small while …

GHIDRA v9.0 Starter Guide

IDA has been the standard for reverse engineering for many years, but the price of licensing for the software has kept the product out of the reach of many small to medium-sized IT departments. This changes with the introduction of GHIDRA. GHIDRA is a set of open source tools released by the NSA that will …

Logging and Alerting on EC2 instances with AWS

I will be showing the process of logging from the OS on an EC2 instance to CloudTrail, then sending an alert based on a specific action performed on the EC2 instance using multiple AWS services. The first step is to install the CloudWatch agent on the EC2 instance. I will be showing how to install the …

DISA STIG RHEL with Ansible

Now before we dive in, let's explain what we are doing, and why we are using this method. DISA STIGs are DoD IA configuration standards used for systems that play a critical role in providing government services. Based on the capabilities of the system, these configuration changes will harden a system and reduce the attack …

New Way of Thinking “IT”

The industry skill base is shifting towards a new idea of enterprise IT, but are we still thinking "Old IT"? Organizations are moving to the cloud with a traditional IT mindset, and it's costing more than it should. Moving to the cloud, in general, has lots of immediate benefits including scalability, availability, and automating tasks …

DevSecOps Git-Secrets AWS

DevSecOps is the term being passed around recently. Instead of talking about what it is, I wanted to provide an action item that would be quick and easy to implement into your environment. This method will scan git repositories for AWS keys before making them public. What is git secrets? Git-Secrets has the ability to …

CompTIA CySA+ Review

I recently sat for the CompTIA CySA+ exam, and was pleasantly surprised at the technical material covered. What is it? CompTIA started offering a new certification in June of 2017 that focuses on Blue Team/defensive information security and incident response. The CySA+ was recently recognized by the DOD to cover the Cyber Security Provider (CSSP) …

TUCTF Event

This weekend I decided to check out the TUCTF Capture the Flag event. The event started on Nov. 23rd 2018 in the evening. Location – Online: https://tuctf.com/challenges The rules were simple: ABSOLUTELY no sharing flags. There is no limit to team members. Prizes are given to the top 3 placing collegiate and high school teams …

Building SMTP server in AWS

After building out a fairly transparent home network, I found myself needing to receive IDS and SIEM alerts so I could respond to events quicker. AWS is reliable and fairly cheap, so that is the platform I chose to build out my SMTP server. This guide will only show how to stand up a system …

Hide Messages With Ulterior

While working on a CTF a couple of weeks ago I ran across a challenge that required inspecting a web app. The page had one line of visible text, however the source showed many repeating patterns of characters(‌​) Say “Hello” to zero-width characters. These characters are called non-printing characters so they are not visible while …

Building PenTest Framework in AWS

Building your Command & Control environment in the cloud not only allows easy management of instances, but also provides scaling as needed. This guide will show how to build an Ubuntu server in AWS, and then download and install the PenTest Framework. Create an AWS account. Under Instances -> Select Launch Instance. Within the Quick …

Malware Analysis – FLARE-VM

Malware analysis, like many other areas of information security, has an overload of tools and custom scripts. With so many options it is difficult to stay on top of the most current useful tools for doing static/dynamic malware analysis. I stumbled across a great resource recently and wanted to share. Check out FireEye's flare-vm. This …

Why…TP-LINK…Why?

Due to a recent hardware failure, I have been in the market for a new switch to replace my Cisco 24-port. I wanted something a bit smaller that would still allow management features such as VLANs, QoS, port monitoring, etc. With these requirements in mind, I found a good deal on a TP-Link TL-SG1016DE. This …

Set up SSL certificates for your web applications!

Preventing messages and communication from being intercepted between two machines is a requirement in today's IT infrastructure. In order to secure your communications between a server and client, encryption is required. TLS is the current standard. This walk-through will help install and configure SSL/TLS certificates on a CentOS 7 machine. Check out the CentOS …

Light Up CentOS 7, with the LAMP Stack!

What is the LAMP stack? This acronym was given because of a group of services commonly installed together for web applications: Linux, Apache, MySQL, and PHP. Before we install this group of open source services, if you need help installing CentOS 7, follow my walkthrough here. 1. Install Apache: sudo yum install httpd 2. Install the database …

How I Passed the CISSP

I recently passed the examination in March 2018. This entire experience has helped me understand security at a foundational level, and I expect this knowledge to greatly benefit my career. The CISSP, or Certified Information Systems Security Professional, is an information security certification that has had many mixed opinions in the security community. This mixed …

CentOS 7 VMware Installation

If you work in an environment with RHEL Linux machines, CentOS 7 is great for your home lab. Here is a quick walkthrough to install the Minimal ISO (no graphical user interface). This ISO will be used in many future walkthroughs on Trenches of IT. 1. Visit https://www.centos.org/download/ Click the Minimal ISO, select the mirror …

Scan Your Home Network For Vulnerabilities

If you're like me, you have too many devices on your network, and there is no way to ensure that the software is up to date on everything. This is when the Nessus home version could be very useful to find those specific versions of software on your network that are out of date or let …

Installing Nessus (Linux)

Generally new patches are released to fix some vulnerability that exists in the software running on a machine. One easy way to check what vulnerabilities exist on a system is to do a vulnerability scan. Nessus is one of the popular tools currently in the industry. This tool is easy to use and quickly allows …

NMAP Essentials

NMAP is a very useful tool used for discovering more information about a target host/network. This will normally be used in the early stages of penetration testing to find interesting targets that may be vulnerable. NMAP is also very useful for network administration and troubleshooting. NMAP has many more useful purposes and having it in …

Installing Kali Linux v2017.3

Kali Linux is a distro that is designed for network analysis and penetration testing. This includes many specialized tools to assist the user with discovery, enumeration, analysis, exploitation, and much more. If you want to build this installation in a Virtual Machine, click here for a walk-through. 1. Visit https://www.kali.org/downloads and grab the ISO 2. You can use …

Setting up a Virtual Machine with Virtual Box (Windows 10)

In order to really dig into IT without the worry of destroying your home machine or buying extra hardware, it is essential to be comfortable booting up virtual machines. Not only will this allow you to test, but it will help you feel comfortable with virtual environments in the corporate arena. Let's start with the source …

Welcome to Trenches of IT

Welcome to the Trenches of IT. As an information technology professional, I know the feeling of not being able to talk with anyone about what we do. People just don't understand what we are expected to know and perfect daily in our careers. The purpose of this site is to allow Information Technology professionals to …