Blogs

Building TheHive

This is the first post about my journey of standing up a TheHive/Cortex/MISP environment. Other posts can be found here:
Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex
Part VIII - Integrate MISP to TheHive

Journaling Activity

Keeping a work journal is something I've been thinking about for years but never got around to finding the right solution for. Having the ability to go back to any given day to see what I got up to is incredibly powerful, as my day-to-day line of work is generally so busy that there's a good chance I'm not going to remember the things I did last week, let alone last month or last year.

Behind Quasar

Warning - Dragons ahead
The following post is for educational purposes only. I intend to show you what can happen if you get infected with a remote access tool (RAT) and just how easy it is to set up the Command and Control (C2) server. Don't attempt to analyse malware on a system that you aren't prepared to destroy, and certainly do not attempt this sort of analysis on ANY system you are not authorised for!

Last Month in AWS

Last month in AWS saw me rack up a bill of US$3.52, and while I expected this to be lower compared to the month before, it turns out I got a little trigger happy with EC2 and S3. This was primarily due to the Detection Lab infrastructure that I was playing with. EBS volumes and snapshots left behind by AMIs will cause your bill to shoot up quite quickly. I was also still performing some other lab-based work and introduced SES into my permanent list of services I'll be using.

Part VII Pokemon Value Over the Long Term

This is going to be a long series of posts over time. Links for quick reference can be found here:
November 2018: Part I, Part II, Part III, Part IV
December 2018: Part V
January 2019: Part VI
February 2019: Part VII
September 2019: Part VIII
October 2019: Part IX
This month saw the opened Celestial Storm booster box peak at US$72.38 (AU$101.54) but then settle down to a value of US$71.74 (AU$100.64). Prices are fairly steady but falling, which I guess is in line with the set no longer being new.

Building Detection Lab in AWS Part II

With the local lab built, these are the instructions for getting the Detection Lab into AWS.
How to stand up DetectionLab in AWS - Part II
Pre-requisites: Part I - Local Install; Terraform installation.
Export VMs as OVAs: Shut down each VM and open the VirtualBox GUI. Select each VM and choose "File, Export Appliance". Select the VM to export, select the output file, and enter any additional product information.

Building Detection Lab in AWS

Recently I was made aware of a GitHub project by Chris Long named "Detection Lab", which allows blue teams to see what a particular piece of malware does in an environment and conversely allows the red team to see what breadcrumbs their software may leave behind. It's a four-server lab consisting of: a Microsoft Windows AD server, Splunk logging, a Windows Event Forwarding server, and a Windows 10 client machine. Off the back of last week's CyberGym training and the fact that there are Terraform templates for this setup, I decided to give this a shot.

Cybergym Defensive Training

This week I had an amazing opportunity to participate in a week's worth of cyber defensive training at Cybergym. Cybergym is an Israeli-based IT security company that provides organisations with the training, knowledge and tools to better defend their systems. They provided a tailored training solution with case studies, technical know-how and hands-on experience through live malware labs. Most importantly, we were able to spend 2 days in their "Cyber Arena", where we applied the newfound skills we had learnt in a full-on, real-time simulated environment in which our network was attacked by Cybergym hackers brought in from Israel.

Setting Up Email via SES and Gmail

Email for the blog? Well, that was the next thing I wanted to tick off the list. Not only for the blog (I'm 99.99% certain I won't ever get an email), but I've always wanted to hand out throwaway email addresses when I attend conferences, just to see who's passing my email address around. Luckily AWS has a service called Simple Email Service (SES) which is designed for just this use case.

Last Month in AWS

Last month in AWS saw me rack up a bill of $3.40, and I expect this to be much lower next month now that I have abandoned Lightsail. The cost breakdown was as follows: As you can see, I did hit a wide range of services for the month, and most of the things I played with had a free tier limit applied. It's great for spinning up a lab or three, and the cost really was minimal.

Adding a Code Repo to the Blog

Now that I've established the blog, I would like to build a proof-of-concept Continuous Integration / Continuous Deployment (CI/CD) pipeline for it. It's something that I know I will be able to use in the future, and it's a valuable skill to have given that my line of work does include automation and scripting for both personal and professional reasons. Having the code stored in a git repository is the first step.

Acloudguru Serverless for Beginners

So "Serverless for Beginners" is another lab-based course brought to you by the folks at A Cloud Guru. The course details how to build a video transcribing service with a web front end using multiple cloud technologies and Node.js. It's quite a cool little application; I'm not sure I have a real-world use for it, but any "lab" that gets me building with multiple technologies isn't a bad thing when I'm studying for the exams.