Security Onion – Command Injection Vulnerability


I recently needed to deploy an IDS and full packet capture on a small network. Fortunately the open source community has had such a thing for a while: Security Onion, a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other…

DarkComet – Hacking The Hacker

Before I begin this post let me get the following statements out of the way. I Am NOT A Lawyer. The use of the tools and techniques discussed in this post may not be legal in your country. The original credit for the discovery belongs to Shawn Denbow and Jesse Hertz. All I did was expand on their POC. Back in…

Viper – Modules – Office

This follows on from the post detailing the basic usage of Viper. If you have not read that post I would start there. An index of all the modules can be found here. Office: the office module is designed to extract metadata and stream information from a variety of Office formats. As before, this will showcase the analysis features of Viper…

Viper – Modules – APK

This follows on from the post detailing the basic usage of Viper. If you have not read that post I would start there. An index of all the modules can be found here. APK: the apk module is designed to extract information from Android Application Packages (APK). I am not going to look at the APK structure; I’m just going to showcase what…

Viper – First Use

This series is going to take a closer look at using the Viper analysis platform and its associated modules. If you are new to Viper here are a few links for you. http://viper.li – the project’s home. https://github.com/botherder/viper – the project’s GitHub. Install Guide – my install guide. Let’s dive straight in and assume you have just finished installing and…

Decoding Rig Exploit Kit

This is going to be short and to the point. Python script to decode the Rig Exploit Kit landing page. It’s on my GitHub here – https://github.com/kevthehermit/Scripts/blob/master/RigDecoder.py And this is a quick cast to show it in use. As usual, questions, queries and comments below.

Home IDS with Snort And Snorby

An Intrusion Detection System at its simplest is a network monitoring tool. It is designed to match patterns in network traffic that can be used to indicate malware infections, bad traffic or policy violations. You can read more about IDS here. I have discussed IDS installation in one of my early posts. In that post I used a pre-built, ready…

ProxMox Custom OpenVZ Templates

In my previous post I had decided / was forced to replace ESXi with ProxMox, and noted that it was capable of running OpenVZ containers, which was something I wanted to play more with. OpenVZ containers are a method of OS virtualization that can create multiple, secure, isolated Linux containers. Each container runs independently of the others and of the main operating system. You can…

Deploying ProxMox Virtual Environment

Before I get into the components that make up the lab I wanted to look at the server setup first. My original plan was to run ESXi on the server in the same way I did last time. However the hardware isn’t compatible with ESXi 5.x. After playing around for a couple of hours trying to get the disks…

Welcome to 2015

Kevin   January 1, 2015

Hello and welcome to 2015. Hope you all had a great Christmas and a Happy New Year. As I said in my last post of 2014, this year I plan to get more content on the blog on a more regular basis, starting with the home lab build. Santa, AKA my wonderful wife, delivered me new hardware and so I am going to rebuild…