HTB Resolute – No Metasploit

Hack the Box retired Resolute this week. This machine is rated medium and was released in December 2019. Root looks to be much more difficult than user on this one. Let’s see what we can find. Reconnaissance To start things off I start an NMAP scan running default scripts, version detection, saving outputs, maxing the …

How I Passed the PCNSA

What is the PCNSA? The PCNSA stands for Palo Alto Networks Certified Network Security Administrator. This is a mid-level exam provided by Palo Alto that covers the following topics: Security Platform and Architecture Initial Configuration Interface Configuration Security and NAT Policies App-ID™ Content-ID™ URL Filtering Decryption WildFire™ User-ID™ GlobalProtect™ Site-to-Site VPN Monitoring and Reporting Active/Passive …

Building a Splunk Dashboard for pfSense

After installing my pfSense firewall a couple of months ago, I have been wanting to get a nice dashboard built in Splunk. I will be building on the Snort configuration found in my last blog reviewing the Netgate-1100. (See Here) In this blog I show how to install and configure the pfSense Splunk application “TA-pfSense” …

CodeGate 2020 CTF

The weather is terrible and I have nothing planned, you know what that means… CTF weekend!! Reviewed ctftime and saw a CTF I would be interested in called CODEGATE. CODEGATE has organized international hacking competitions since 2008 so this has to be good. Let’s jump right in. Pre CTF Before any CTF I do the following: …

Netgate SG-1100 Review

Disclosure: Some links contained within this post are affiliate links, meaning, I will earn a commission if you click through and make a purchase. Identified with “#AL:” I recently purchased Netgate’s entry level pfSense solution, the Netgate SG-1100. The Netgate SG-1100 is a small, but powerful network/security hardware device with the open source pfSense software. …

Building a Splunk Dashboard for OpenVPN

Recently, I have started tinkering with Splunk dashboards and thought about systems or applications I would want to monitor from a “single pane of glass”. OpenVPN is my first thought due to the importance and wide use in the community. My OpenVPN build is on a CentOS 7 VM, so I will be using the …

Splunk Core Certified User Certification – Review

I work in information security and I enjoy everything SIEM related so learning Splunk was a no-brainer for me. Splunk has so many applications that almost any environment can benefit from a Splunk deployment. Whether you are using it as a log management system or creating dashboards for data analytics, Splunk provides a nice framework …

How I Passed the AWS Certified Security – Specialty

Anyone responsible for securing assets in Amazon Web Services may want to pursue the AWS Security Specialty certification. The exam has given me confidence to work at a professional level on any of the domains covered in the exam. What is it? The AWS Security Specialty certification was designed for professionals that currently work in …

LogRhythm Network Forensics at home

LogRhythm is a “NextGen SIEM” that allows much more than log management. They include all the current cyber security acronyms in their SIEM solution such as UEBA, NTBA, SAO, and TLM. I will be focusing on the network traffic and behavior analytics offering called LogRhythm NetMon. LogRhythm NetMon is used to collect inline or mirrored …