No Logs No Breach
  • Threat Intel
  • Status Monitor
  • Links
  • Downloads

  • OpenCanary

    Spent some time setting up OpenCanary https://github.com/thinkst/opencanary and was impressed with how easy it was to set up. I wanted to add pushover notification support, and luckily someone shared their setup https://jasonmurray.org/posts/2022/install-tcanary-ubuntu/ For preservation purposes, I’m copying the entire loggerconfig section that worked for me:

    March 14, 2023

  • Cisco ASA Log Analysis in Elastic

    If you’re new to reviewing SIEM logs and you come across a Cisco firewall, you’ll find out that Cisco ASA logs can be challenging to interpret. Unlike most other vendors, Cisco decided to leave out the word “allowed” or “accepted” from log data of allowed traffic. Take a Fortigate firewall for instance: Pretty easy to […]

    July 30, 2022

  • .PLAY Ransomware

    I came across what appears to be a new ransomware variant last month during an IR engagement (June 2022). While I’m unable to determine attribution or affiliation at this time, my hope that sharing TTP and IOC related to .PLAY ransomware will help map information around this new variant by other responders and threat researchers. […]

    July 24, 2022

  • GVM 11 Install

    Using the following site as my guide, I installed GVM with these commands:

    April 29, 2022

  • Output to web from terminal

    I found myself on a terminal console session with no easy way to get output off the machine. I came across dpaste.com and it worked perfectly. In this example, you can replace the find command with whatever you need, and then curl the output as content to the dpaste.com API.

    April 29, 2022

  • Adding a drive in VMware

    If you find yourself needing to add an additional drive to VMware, for instance if you have a USB drive attached, Enable SSH and then use the following command: Copy the volume label that is returned. Then run the following command:

    April 29, 2022

  • Downloading M3U8 Sources

    I came across a video online that was hosted in JWPlayer. I wanted to pull the source and started to evaluate traffic in Chrome Dev tools and found the network traffic that was pulling down small snippets of video and a separate audio stream while the video played.Apparently the playback streams sections at a time. […]

    April 29, 2022

No Logs No Breach