Author: nologsnoadmin

  • OpenCanary

    Spent some time setting up OpenCanary and was impressed with how easy it was to set up. I wanted to add Pushover notification support, and luckily someone shared their setup. For preservation purposes, I’m copying the entire loggerconfig section that worked for me:

  • Cisco ASA Log Analysis in Elastic

    If you’re new to reviewing SIEM logs and you come across a Cisco firewall, you’ll find that Cisco ASA logs can be challenging to interpret. Unlike most other vendors, Cisco leaves the word “allowed” or “accepted” out of the log data for permitted traffic. Take a Fortigate firewall, for instance: pretty easy to […]
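    As an added illustration of that gap (example code, not from the post): on an ASA a permitted flow shows up as a "Built" connection message (IDs 302013/302015/302020) and its later "Teardown" (302014/302016/302021), while only denied traffic actually contains the word "Deny"/"denied" (106001, 106023 and friends). A SIEM search for "allowed" therefore returns nothing. The parser below maps the message ID to an explicit action and pulls out the endpoints; the sample lines are constructed for the example and follow the documented ASA formats.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines (not from the post), shaped like the documented
# ASA syslog messages. Note that no permitted flow says "allowed".
SAMPLE_LINES = [
    '%ASA-6-302013: Built inbound TCP connection 812 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:10.0.0.5/443 (10.0.0.5/443)',
    '%ASA-6-302014: Teardown TCP connection 812 for outside:203.0.113.5/51234 to inside:10.0.0.5/443 duration 0:00:05 bytes 1234 TCP FINs',
    '%ASA-4-106023: Deny tcp src outside:203.0.113.9/4444 dst inside:10.0.0.5/22 by access-group "outside_in" [0x0, 0x0]',
    '%ASA-2-106001: Inbound TCP connection denied from 203.0.113.9/4444 to 10.0.0.5/22 flags SYN  on interface outside',
    '%ASA-6-302015: Built outbound UDP connection 813 for inside:10.0.0.7/53211 (10.0.0.7/53211) to outside:198.51.100.2/53 (198.51.100.2/53)',
]

# Message IDs grouped by what they mean for the traffic. A "Built" message
# *is* the allow; the matching "Teardown" closes that permitted flow.
BUILT_IDS = {"302013", "302015", "302020"}      # TCP / UDP / ICMP connection built
TEARDOWN_IDS = {"302014", "302016", "302021"}   # TCP / UDP / ICMP connection torn down
DENY_IDS = {"106001", "106006", "106007", "106010", "106014", "106015", "106023"}

HEADER_RE = re.compile(r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}):\s*(?P<body>.*)")
# Source and destination appear as "for|src|from [iface:]ip/port ... to|dst [iface:]ip/port".
# The interface prefix is optional because 106001-style messages omit it.
ENDPOINTS_RE = re.compile(
    r"\b(?:for|src|from)\s+(?:(?P<sif>\w+):)?(?P<sip>[\d.]+)/(?P<sport>\d+)"
    r".*?\s(?:to|dst)\s+(?:(?P<dif>\w+):)?(?P<dip>[\d.]+)/(?P<dport>\d+)"
)
PROTO_RE = re.compile(r"\b(tcp|udp|icmp)\b", re.IGNORECASE)


@dataclass
class AsaEvent:
    msgid: str
    action: str                 # "allowed", "closed", "denied" or "other"
    proto: Optional[str]
    src: Optional[str]          # "ip:port"
    dst: Optional[str]
    src_if: Optional[str]       # interface names, None when the message has none
    dst_if: Optional[str]


def classify(msgid: str) -> str:
    """Translate the ASA message ID into the word the log never states."""
    if msgid in BUILT_IDS:
        return "allowed"
    if msgid in TEARDOWN_IDS:
        return "closed"
    if msgid in DENY_IDS:
        return "denied"
    return "other"


def parse_asa_line(line: str) -> Optional[AsaEvent]:
    """Parse one syslog line; returns None if it is not an ASA message."""
    header = HEADER_RE.search(line)
    if not header:
        return None
    msgid, body = header.group("msgid"), header.group("body")
    proto_m = PROTO_RE.search(body)
    ep = ENDPOINTS_RE.search(body)
    return AsaEvent(
        msgid=msgid,
        action=classify(msgid),
        proto=proto_m.group(1).upper() if proto_m else None,
        src=f"{ep['sip']}:{ep['sport']}" if ep else None,
        dst=f"{ep['dip']}:{ep['dport']}" if ep else None,
        src_if=ep["sif"] if ep else None,
        dst_if=ep["dif"] if ep else None,
    )


def summarize(lines) -> dict:
    """Count events by normalized action, which is what a SIEM dashboard wants."""
    counts: dict = {}
    for line in lines:
        ev = parse_asa_line(line)
        if ev is None:
            continue
        counts[ev.action] = counts.get(ev.action, 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = parse_asa_line(line)
        print(f"{ev.msgid} {ev.action:<8} {ev.proto} {ev.src_if}:{ev.src} -> {ev.dst_if}:{ev.dst}")
    print(summarize(SAMPLE_LINES))
```

    When ingesting into Elastic, the same mapping belongs in the ingest pipeline (message ID to `event.action`), so analysts can filter on `event.action: allowed` instead of having to know that 302013 means the traffic was permitted.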

  • .PLAY Ransomware

    I came across what appears to be a new ransomware variant last month during an IR engagement (June 2022). While I’m unable to determine attribution or affiliation at this time, my hope is that sharing TTPs and IOCs related to .PLAY ransomware will help other responders and threat researchers map information around this new variant. […]

  • GVM 11 Install

    Using the following site as my guide, I installed GVM with these commands:

  • Output to web from terminal

    I found myself on a terminal console session with no easy way to get output off the machine. I came across and it worked perfectly. In this example, you can replace the find command with whatever you need, and then curl the output as content to the API.

  • Adding a drive in VMware

    If you find yourself needing to add an additional drive to VMware (for instance, if you have a USB drive attached), enable SSH and then use the following command: Copy the volume label that is returned. Then run the following command:

  • Downloading M3U8 Sources

    I came across a video online that was hosted in JWPlayer. I wanted to pull the source, started to evaluate traffic in Chrome DevTools, and found the network traffic that was pulling down small snippets of video and a separate audio stream while the video played. Apparently the playback streams sections at a time. […]