
My DFIR Blog

And other Cyber related things

I recently needed to deploy an IDS and full packet capture on a small network. Fortunately the open source community has had such a thing for a while: Security Onion.

A Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort,...

Continue reading...

Before I begin this post let me get the following statements out of the way.

I am NOT a lawyer. The use of the tools and techniques discussed in this post may not be legal in your country. The original credit for the discovery belongs to Shawn Denbow and Jesse Hertz. All I did was expand on their...

Continue reading...

This post is old. If you want to deploy an IDS at home I suggest looking at https://securityonion.net/, which provides an open source security appliance with Snort and many other features.

An Intrusion Detection System at its simplest is a network monitoring tool. It is designed to match patter...

Continue reading...

In my previous post I had decided (or rather was forced) to replace ESXi with Proxmox, which is capable of running OpenVZ containers, something I wanted to play with more.

OpenVZ containers are a method of OS-level virtualization that can create multiple secure, isolated Linux containers. Each...

Continue reading...

NanoCore is one of many Remote Access Trojans (RATs) that are available. This particular RAT is a so-called premium RAT, which means it comes with a price tag. The current price to buy the latest version is $20. In the author's own words:

However, as this is a premium RAT, it is also one of the types that m...

Continue reading...