Category Archives: Analysis Environment

Hunting Pastebin with PasteHunter


From a security analytics and Threat Intelligence perspective Pastebin is a treasure trove of information. All content that is uploaded to Pastebin and not explicitly set to private (which requires an account) is listed and can be viewed by anyone. tl;dr: using Yara rules to find and save interesting data from Pastebin: https://github.com/kevthehermit/PasteHunter. Hackers and script kiddies are quick to…

Viper – Modules – Office


This follows on from the post detailing the basic usage of Viper. If you have not read that post I would start there. An index of all the modules can be found here. Office: the office module is designed to extract metadata and stream information from a variety of Office formats. As before this will showcase the analysis features of Viper…

Viper – Modules – APK


This follows on from the post detailing the basic usage of Viper. If you have not read that post I would start there. An index of all the modules can be found here. APK: the apk module is designed to extract information from Android Application Packages (APK). I am not going to look at the APK structure, I'm just going to showcase what…

Viper – First Use


This series is going to take a closer look at using the Viper analysis platform and its associated modules. If you are new to Viper here are a few links for you: http://viper.li (the project's home), https://github.com/botherder/viper (the project's GitHub), Install Guide (my install guide). Let's dive straight in and assume you have just finished installing and…

Home IDS with Snort And Snorby


An Intrusion Detection System at its simplest is a network monitoring tool. It is designed to match patterns in network traffic that can be used to indicate malware infections, bad traffic or policy violations. You can read more about IDS here. I have discussed IDS installation in one of my early posts. In that post I used a pre-built, ready…

ProxMox Custom OpenVZ Templates


In my previous post I had decided / was forced to replace ESXi with ProxMox and that it was capable of running OpenVZ containers, which was something I wanted to play more with. OpenVZ Containers are a method of OS virtualization that can create multiple, secure, isolated Linux containers. Each container runs independently of the others and of the main Operating System. You can…

Deploying ProxMox Virtual Environment


Before I get into the components that make up the lab I wanted to look at the server setup first. My original plan was to run ESXi on the server in the same way I did last time. However the hardware isn’t compatible with ESXi 5.x. After playing around for a couple of hours trying to get the disks…

Welcome to 2015


Hello and welcome to 2015. Hope you all had a great Christmas and a Happy New Year. As I said in my last post of 2014 this year I plan to get more content on the blog on a more regular basis. Starting with the Home Lab build. Santa, AKA my wonderful wife, delivered me new hardware and so I am going to rebuild…

Viper in the browser


Merry Christmas, Happy New Year and Season's greetings to you all. This is my final post of the year. Next year I am hoping to post more content on a regular basis. I’m upgrading the lab at home and rebuilding it from the ground up. I have prepped most of the Virtuals and have documented their build process and usage…

EnCase And AnalyzeMFT


I have some familiarity with Windows Forensics having passed my SANS 508 exam; however, Chip is my resident Forensics expert, so when he pointed me in the direction of a blog post about running Python scripts in EnCase I was immediately interested. I haven’t really played with EnCase and have been looking for a reason, and this seems like a good one. In…