Category: Uncategorized

  • OpenCanary

    Spent some time setting up OpenCanary (https://github.com/thinkst/opencanary) and was impressed with how easy it was to set up. I wanted to add Pushover notification support, and luckily someone had shared their setup (https://jasonmurray.org/posts/2022/install-tcanary-ubuntu/). For preservation purposes, I’m copying the entire loggerconfig section that worked for me:

  • Cisco ASA Log Analysis in Elastic

    If you’re new to reviewing SIEM logs and you come across a Cisco firewall, you’ll find out that Cisco ASA logs can be challenging to interpret. Unlike most other vendors, Cisco decided to leave out the word “allowed” or “accepted” from log data of allowed traffic. Take a Fortigate firewall for instance: Pretty easy to…

  • .PLAY Ransomware

    I came across what appears to be a new ransomware variant last month during an IR engagement (June 2022). While I’m unable to determine attribution or affiliation at this time, my hope is that sharing the TTPs and IOCs related to .PLAY ransomware will help other responders and threat researchers map information around this new variant.…