Blogs

The LaZagne Project

Warning - Dragons ahead. The following post is for educational purposes only. The LaZagne project is a Python-based tool that will attempt to extract username and password details from various applications on your Windows, Linux and Mac systems. As such, it would be considered a hacking tool. Portions of this tool have been adapted for use in the Qealler malware. I decided that I'd run up a test Windows virtual machine to run this against, but can confirm that the tool works equally as well in Linux.


Podcast Roster

I’ve been listening to some podcasts of late…. 1200 hours in fact. 50 days’ worth of pods back to back. Well, that’s probably been over the course of a few years, but you get the drift. I’ll listen to them on my travels to and from work, sometimes when I’m out walking and other times when I’m having a relax on the couch. My lineup is so full that I listen at chipmunk speed (1.


Part IX Pokemon Value Over the Long Term

This is going to be a long series of posts over time. Links for quick reference can be found here: November 2018: Part I, Part II, Part III, Part IV; December 2018: Part V; January 2019: Part VI; February 2019: Part VII; September 2019: Part VIII; October 2019: Part IX. I’m changing my attention away from the value of Celestial Storm for the moment and onto some new sets I have been tracking. This time it’s Sun and Moon - Unbroken Bonds.


Lets Go Phishing

User awareness training matters, more than you think it does. These days security is everybody’s responsibility, not just that of the people running your information security team. Defense in depth and technical controls are not foolproof, and it only takes a single well-crafted email and your organisation could be owned. People are the last line of defense, so we need to train staff to adopt a critical mindset towards the hostile environment that email is.


Mailtrap_io

Recently I’ve been working with Python and smtplib to automate sending emails based off a template. The sending part of the emails worked flawlessly, but I had issues where the emails were being delivered into the Junk folder instead of the Inbox folder in Outlook. Now, if you’re going to be scripting emails to send out notifications, newsletters and general communications, losing your audience because the email gets trashed isn’t ideal.


Wrapup of Thehive Misp Cortex

This is the formal end of this series, but I wanted to write a quick conclusion piece, so this post is a reflection on this 4-in-1 open source threat and incident response platform and the journey to get there. All the other posts in this series can be found here: Part I - Building TheHive; Part II - Setup reverse proxy for TheHive; Part III - Building MISP


Browsing Elasticsearch With Kaizen

Recently I had a few questions about what a particular Elasticsearch NoSQL database was holding, and I started poking using curl and the JSON search language; for the untrained it can be daunting. Heaps of syntax, nesting and JSON arrays. It was overwhelming at first. On the plus side, it’s super granular, so if you know exactly what you are looking for it’s super quick. Well, I had a problem: I wasn’t 100% sure what I was looking for and merely wanted to browse the data for, you know….


Revamping the Blog

It’s been just over 12 months since I started blogging, and this is now the 3rd iteration of the blog. First it was WordPress on Lightsail. There was a cost involved, and if you really want to make WordPress useful you need to add the security holes also known as plugins. It’s not that WordPress was a bad solution, but I had no need for all the bells and whistles it could provide.


Upgrading Cortex

This is part 11 of the series about TheHive/MISP/Cortex, and I’m covering off an upgrade of Cortex from 2.1.3 to 3.0.0. The other posts for this series can be found here: Part I - Building TheHive; Part II - Setup reverse proxy for TheHive; Part III - Building MISP; Part IV - Building Cortex; Part V - Adding analyzers to Cortex; Part VI - Setup reverse proxy for Cortex


Updating MISP

This is part 10 of this series. In this part I’m updating MISP across multiple minor versions. The other posts for this series can be found here: Part I - Building TheHive; Part II - Setup reverse proxy for TheHive; Part III - Building MISP; Part IV - Building Cortex; Part V - Adding analyzers to Cortex; Part VI - Setup reverse proxy for Cortex; Part VII - Integrate TheHive and Cortex


Upgrading TheHive

This is part 9, where I begin to lifecycle-manage the TheHive/MISP/Cortex software stack. Previous posts in this series are here: Part I - Building TheHive; Part II - Setup reverse proxy for TheHive; Part III - Building MISP; Part IV - Building Cortex; Part V - Adding analyzers to Cortex; Part VI - Setup reverse proxy for Cortex; Part VII - Integrate TheHive and Cortex; Part VIII - Integrate MISP to TheHive


Integrate Misp to Thehive

This is part 8 of the Cortex build. In this part I’m integrating TheHive with MISP, and it doesn’t go as smoothly as I would have liked, but I got some good troubleshooting done in the process, which I’ve documented. This will allow us to post observables to MISP from TheHive and vice versa! Links to the previous articles are here: Part I - Building TheHive; Part II - Setup reverse proxy for TheHive
