Threat Hunting with Bro IDS
This post is a quick look at how I personally use Bro IDS for threat hunting. Specifically some of the queries I run when I start a hunt by data set. A quick note on Bro. Bro IDS is a pretty amazing piece of software for threat hunting and my go to tool of choice.
Read More…
SkyDog Con 2016 CTF – Walk Through Guide
Download Link The VM is now available for download on Vulnhub at the link below. https://www.vulnhub.com/entry/skydog-2016-catch-me-if-you-can,166/ Instructions The CTF is a virtual machine and works best in Virtual Box. Download the OVA file open up Virtual Box and then select File –> Import Appliance. Choose the OVA file from where you downloaded it. After importing
Read More…
How to Install Bro IDS 2.5 on Ubuntu 16.0x
I decided to write out the steps I took to for installing Bro IDS 2.5 on Ubuntu 16.0x. Before we begin installing Bro from source we need to make sure we have all the correct dependencies. On Ubuntu 16.0x you can run the following: sudo apt-get install cmake make gcc g++ flex git bison libpcap-dev
Read More…
SkyDog Con CTF – The Legend Begins
Sky Dog Con CTF – Over but not forgotten. Download Link http://bit.ly/SkyDogConCTF Instructions The CTF is a virtual machine and works best in Virtual Box. This OVA was created using Virtual Box 4.3.32. Download the OVA file open up Virtual Box and then select File –> Import Appliance. Choose the OVA file from where you
Read More…
Quick and Dirty: Installing Htop on FreeBSD 10.x
Htop is an interactive system-monitor process-viewer written for Linux. On most of my servers I have it up and running continually if I’m not actively on the box. It’s great to be able to quickly glance up and see the current state of a particular server or to see if something I’m running has gotten
Read More…
How to Visualize Network PCAP Files in Kali Linux
So this past weekend I attended the Security Onion Conference in Augusta, GA. While sitting in the back listening to some great speakers, @pentestfail and I were hacking away on a side project of his that involved analyzing a decent number of PCAP files. As usual I was doing my analysis using Wireshark. But when
Read More…
Kioptrix Level 1 Hacking Challenge Walkthrough
This is a walkthrough for Kioptrix Level 1. Although getting root on this box is pretty straightforward it’s a great place for those looking to get their feet wet when it comes to boot2root VM’s. I actually suggest this as a starting place rather than something like Metasploitable2, which is almost overwhelming with it’s list
Read More…
Double Kill – Hacker’s Dome CTF Walk Through Part 1
This past weekend our Quantum Security CTF Team (consisting of Kamil @vavkamil and myself @jamesbower ) competed on the Hacker’s Dome – Double Kill CTF. The competition consisted of two vulnerable machines with each containing both a user flag and a super user (root) flag. We were able to capture both flags on the first
Read More…
Creative Structure is Key by Haruki Murakami
There is a quote I read today by Haruki Murakami that really made me sit back and think about how I handle all my daily task and projects. Especially with my obsession lately for absolute peak performance in my life. “When I’m in writing mode for a novel, I get up at four a.m. and
Read More…
Own Windows with PowerShell using Nishang
Nishang is a framework and collection of scripts and payloads which enables usage of Windows PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests. PAYLOADS It contains many interesting scripts like download and execute, keylogger, dns txt pwnage,
Read More…