- Honeypot Project – Badpwd.com
  I recently built a honeypot with a focus on the capture of passwords that I could use to share results in real-time. I recognize that there are plenty of great honeypots out there (I run an instance of T-POT and am always impressed with how well it was built and all the honeypots it includes),…
- Akira Ransomware
  April 2023 has brought about a new ransomware group called Akira. This post serves as a consolidation of public intel to help filter through the searches for Akira that just result in anime :-). IOCs, Twitter Posts:
- ESXArgs Ransomware
  My thoughts and observations as I followed this incident and watched it unfold across the internet at the beginning of February. There’s not much that hasn’t already been said by various infosec resources (some links I found useful are shared throughout this post), but here’s my take all the same. What’s Special About It? This…
- OpenCanary
  Spent some time setting up OpenCanary https://github.com/thinkst/opencanary and was impressed with how easy it was to set up. I wanted to add Pushover notification support, and luckily someone shared their setup https://jasonmurray.org/posts/2022/install-tcanary-ubuntu/ For preservation purposes, I’m copying the entire loggerconfig section that worked for me:
- Cisco ASA Log Analysis in Elastic
  If you’re new to reviewing SIEM logs and you come across a Cisco firewall, you’ll find out that Cisco ASA logs can be challenging to interpret. Unlike most other vendors, Cisco decided to leave out the word “allowed” or “accepted” from the log data of allowed traffic. Take a FortiGate firewall for instance: Pretty easy to…
- .PLAY Ransomware
  I came across what appears to be a new ransomware variant last month during an IR engagement (June 2022). While I’m unable to determine attribution or affiliation at this time, my hope is that sharing the TTPs and IOCs related to .PLAY ransomware will help other responders and threat researchers map information around this new variant.…
- GVM 11 Install
  Using the following site as my guide, I installed GVM with these commands:
- Output to web from terminal
  I found myself on a terminal console session with no easy way to get output off the machine. I came across dpaste.com and it worked perfectly. In this example, you can replace the find command with whatever you need, and then curl the output as content to the dpaste.com API.
- Adding a drive in VMware
  If you find yourself needing to add an additional drive to VMware, for instance if you have a USB drive attached, enable SSH and then use the following command: Copy the volume label that is returned. Then run the following command:
- Downloading M3U8 Sources
  I came across a video online that was hosted in JWPlayer. I wanted to pull the source and started to evaluate traffic in Chrome Dev Tools, and found the network traffic that was pulling down small snippets of video and a separate audio stream while the video played. Apparently the playback streams sections at a time.…