So, you have decided to install a pentesting distro to enjoy functionality that would be unavailable on a live usb. The very first question that needs to be asked is “How do I keep myself secure?” In addition to some of the more obvious features of most pentesting distributions, such as full disk encryption, macchanger and anonsurf there are some lesser known ways in which to ensure your Operational Security. In 5 easy steps we will seek to automate some of the tediousness of making sure your make sure your box is secure. Read more “5 Additional Hardening Steps When Creating a Secure Linux Pentesting Environment”
Before we begin configuring Security Onion, it’s a good idea to get an Oinkcode from snort.org if you’re going to use Snort.
Snort can also use the Emerging Threat rulesets.
There are three options available to obtain an Oinkcode.
- Community Edition – the rules are updated every 30 days, no support – FREE
- Personal – the rules are released daily, can submit false positives, home network or educational environments only – $29.99 per year
- Business – the rules are updated daily, priority support for false positives and Talos (the parent company) will work directly with you, for use in businesses, colleges, government, etc. – $399 per sensor per year
Once you create an account and pay for a subscription or not, you can find the Oink code by clicking on the email address in the upper right-hand corner of the page then select Oinkcode. Read more “Security Onion Set Up Part 3: Configuration”
In the world of Infrastructure-as-a-Service, Amazon Web Services have established themselves as a king with their “only pay for what you use” business model. Their affordable services are scale-able to fit any need, from a hobbyist that wishes to create a website all the way up to large multi-national corporations. One of Amazon Web Services most popular services, their S3 Simple Storage Service, when configured improperly, can quickly turn from a valuable asset, into a serious security vulnerability. Read more “The Dangers of Unsecured Amazon S3 Buckets and How to Find Them”
This article is straightforward in that if you’ve installed an operating system before this won’t be an issue. The recommended installation medium is Rufus. Rufus creates a bootable thumb drive where you can place [.]img or [.]iso images. Thumb drives have a far higher data rate transfer than DVD’s making the installation quick. Read more “Security Onion Set Up Part 2: Installation”
The Cuckoo Sandbox is an automated malware analysis sandbox where malware can be safely run to study its behavior. The benefits of setting up a Cuckoo Sandbox is immense. Having a private and an open source malware sandbox means that you can run any suspicious file without worrying about sensitive data being leaked to a public forum such as VirusTotal. Plus, this malware sandbox can be tailored toward your business security needs and tools. This guide will provide you with a basic installed and configured Cuckoo Sandbox to begin dynamically analyzing malware in a safe environment. Read more “Cuckoo Sandbox Setup Tutorial”
If you read my article on Security Onion planning and the mention of Snort/Suricata, Bro, and ELSA left you with questions, or if you haven’t read my Security Onion (SO) planning article but are looking for explanations of the various detection and analysis tools then this is the article for you. This is a Security Onion primer, and not part of the installation and configuration series. Read more “Security Onion Primer”
Security Onion is used for network security monitoring in which it analyses network traffic and computer logs sent to it by OSSEC, a host intrusion detection system (HIDS). The Overview section of Security Onion’s Github page describes it as a proactive tool, “Network Security Monitoring (NSM) is, put simply, monitoring your network for security-related events. It might be proactive when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an adversary or trying to keep malware at bay, NSM provides context, intelligence and situational awareness of your network.”
Security Onion (SO) was designed and is maintained by Doug Burks and is helped with maintenance by Wes Lambert (testing). Support for SO is handled through Google Groups, and you can expect a response within 24 hours but typically less. Read more “Security Onion Set Up Part 1: Planning”
Password cracking might be my favorite attack vector in the modern IoT landscape. There’s just something magical about firing up hashcat or John the Ripper and pitting your hardware against the product of questionable, human password choices.
Let’s begin with a brief walkthrough of hashcat. For those unfamiliar, a hash is an encrypted string of text, usually password text in the context of Information Security. Supporting a lot of different hashing algorithms, hashcat has an option for cracking almost any kind of hash. Read more “Aggressive Hash Cracking with Clouds and Chains”