Welcome to 2015

Hello and welcome to 2015. Hope you all had a great Christmas and a Happy New Year.

As I said in my last post of 2014 this year I plan to get more content on the blog on a more regular basis. Starting with the Home Lab build. Santa, AKA my wonderful wife, delivered me new hardware and so I am going to rebuild all my lab machines. I know I could just migrate the existing builds but there is something nice about starting a fresh year with fresh hardware and fresh builds. The hardware is not top of the line or expensive but is more than adequate for a home lab set up and at about £300 for server and drives is reasonable.

  • Dell PowerEdge CS24-NV7
  • Dual AMD Opteron Quad Core 2.1Ghz (2373)
  • 64Gb Ram.
  • 2TB DataStore
  • 2 Gigabit NIC
  • ESXi 5.5

Some of the guides are already written and just need some minor updates to reflect changes since I first posted them. All the build pages will be linked from the lab page. This will list the link and the last edited time. Here are the first set of posts I plan to get out / update over the next month.

  • Intrusion Detection System - Snort, Barnyard, PulledPork, Snorby
  • Full Packet Capture - Open FPC
  • Viper - Malware analysis Platform
  • Inetsim - Internet Simulator
  • Cuckoo - Dynamic Malware Analysis
  • JSDetox - Javascript code analysis and de obfuscator
  • Kippo + Kippo Graph - SSH HoneyPot
  • SMTP HoneyPot - Im thinking of using Shiva

Amongst all the build guides I will also be doing more in the way of malware analysis. I’m not going to look at malware from a deep technical perspective, instead I am going to look from an Incident Response perspective. Identify IOC’s from malware samples so you know what to look for on your estate. Use host based analysis to identify compromised machines. Look at malware that’s in the wild and create Network or Host based signatures.

I will also be looking at creating more Yara  & Snort rules and diving deeper in to the world of Encase Enscripts.

That’s all for now, If you have suggestions for adding to the lab environment let me know in the comments below.

As usual Questions, Queries, Comments Below.