How I Passed the AWS Certified Security – Specialty

Anyone responsible for securing assets in Amazon Web Services may want to pursue the AWS Security Specialty certification. The exam has given me confidence to work at a professional level on any of the domains covered in the exam. What is it? The AWS Security Specialty certification was designed for professionals that currently work in …

LogRhythm Network Forensics at home

LogRhythm is a “NextGen SIEM” that allows much more than log management. They include all the current cyber security acronyms in their SIEM solution such as UEBA, NTBA, SAO, and TLM. I will be focusing on the network traffic and behavior analytics offering called LogRhythm NetMon. LogRhythm NetMon is used to collect inline or mirrored …

VulnWhisperer Ubuntu Server 18.04

Nessus Professional is nice for small business vulnerability management, but the reporting is lacking until you upgrade to Security Center. VulnWhisperer uses the Elastic Stack to provide scan result summaries that are easy to review and report to management or operations teams for remediation. Impress your C-suite with vulnerability reports using VulnWhisperer. Prerequisites: Ubuntu 18 …

AWS Inspecting with Inspector

Inspector is a tool/service provided by AWS that allows for assessing the vulnerability and compliance posture of instances in your cloud and on-prem environment. One immediate benefit to using Inspector is that no ports need to be opened on the instance to allow for vulnerability and compliance scanning. This keeps the attack surface small while …

GHIDRA v9.0 Starter Guide

IDA has been the standard for reverse engineering for many years, but the price of licensing for the software has kept the product from the reach of many small to medium size IT departments. This changes with the introduction of GHIDRA. GHIDRA is a set of open source tools released by the NSA that will …

Logging and Alerting on EC2 instances with AWS

I will be showing the process of logging from the OS on an EC2 instance to CloudTrail, then sending an alert based on a specific action performed on the EC2 instance using multiple AWS services. The first step is to install the CloudWatch agent on the EC2 instance. I will be showing how to install the …

DISA STIG RHEL with Ansible

Now before we dive in, let's explain what we are doing, and why we are using this method. DISA STIGs are DOD IA configuration standards used for systems that play a critical role in providing government services. Based on the capabilities of the system, these configuration changes will harden a system and reduce the attack …

DevSecOps Git-Secrets AWS

DevSecOps is the term being passed around recently. Instead of talking about what it is, I wanted to provide an action item that would be quick and easy to implement into your environment. This method will scan git repositories for AWS keys before making them public. What is git secrets? Git-Secrets has the ability to …

TUCTF Event

This weekend I decided to check out the TUCTF Capture the Flag event. The event started on Nov. 23rd 2018 in the evening. Location – Online: https://tuctf.com/challenges. The rules were simple: ABSOLUTELY no sharing flags. There is no limit to team members. Prizes are given to the top 3 placing collegiate and high school teams …

Hide Messages With Ulterior

While working on a CTF a couple of weeks ago I ran across a challenge that required inspecting a web app. The page had one line of visible text, however the source showed many repeating patterns of characters(‌​) Say “Hello” to zero-width characters. These characters are called non-printing characters so they are not visible while …

Building PenTest Framework in AWS

Building your Command & Control environment from the cloud not only allows easy management of instances, but also provides scaling as needed. This guide will show how to build an Ubuntu server in AWS, and then download and install the PenTest Framework. Create an AWS account. Under Instances -> Select Launch Instance. Within the Quick …

Malware Analysis – FLARE-VM

Malware analysis, like many other areas of information security, has an overload of tools and custom scripts.  With so many options it is difficult to stay on top of the most current useful tools for doing static/dynamic malware analysis.  I stumbled across a great resource recently and wanted to share.  Check out FireEye’s flare-vm. This …

Why…TP-LINK…Why?

Due to recent hardware failure, I have been on the market for a new switch to replace my Cisco 24 port. I wanted something a bit smaller, that would still allow management features such as VLAN, QoS, port monitoring, etc. With these requirements in mind, I found a good deal on a TP-Link TL-SG1016DE. This …

Scan Your Home Network For Vulnerabilities

If you're like me, you have too many devices on your network, and there is no way to ensure that the software is up to date on everything. This is when Nessus home version could be very useful to find those specific versions of software on your network that are out of date or let …

Installing Nessus (Linux)

Generally new patches are released to fix some vulnerability that exists in the software running on a machine. One easy way to check what vulnerabilities exist on a system is to do a vulnerability scan. Nessus is one of the popular tools currently in the industry. This tool is easy to use and quickly allows …

NMAP Essentials

NMAP is a very useful tool used for discovering more information about a target host/network. This will normally be used in the early stages of penetration testing to find interesting targets that may be vulnerable. NMAP is also very useful for network administration and troubleshooting. NMAP has many more useful purposes and having it in …