Projects

Fail2ban Setup

Fail2ban is a great piece of software for keeping out those who would try (and fail) to access your services. It's easy to set up and can be made as complicated as you want. First, perform the install with the command below. This installs the package and creates a service, so fail2ban starts automatically on reboot.

sudo apt install fail2ban

The configuration I'll be walking through is for sshd, but there are stacks of pre-configured jails available, and if your application doesn't have a pre-canned option it can still be protected as long as it writes a log file, since a jail can be customised to match it.
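As an added example that is not part of the original post: a minimal sshd jail override of the kind that goes in jail.local, plus a shell approximation of the maxretry/findtime counting the jail performs, run over constructed auth.log lines. The 5-failures-in-600-seconds thresholds and the 192.0.2.0/24 ignoreip range are assumptions; the jail file is written to a scratch directory so the script runs anywhere.

```sh
#!/bin/sh
# Added example, not from the original post: a minimal sshd jail for
# fail2ban and a shell approximation of the maxretry/findtime counting
# that the sshd jail performs, run over constructed auth.log lines.
# Thresholds (5 failures in 600 s) and the ignoreip range are assumptions.

# jail.local is written to a scratch directory, not /etc/fail2ban, so the
# script is safe to run anywhere; copy it to /etc/fail2ban/jail.local and
# run "sudo systemctl restart fail2ban" to apply it for real.
WORKDIR="${WORKDIR:-$(mktemp -d)}"

write_jail_local() {
    cat > "$WORKDIR/jail.local" <<'EOF'
[DEFAULT]
# Hosts that must never be banned (loopback plus an assumed admin range).
ignoreip = 127.0.0.1/8 ::1 192.0.2.0/24
# Ban for one hour after maxretry failures inside a ten-minute window.
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
# jail.conf already defines the filter and log paths; this just switches it on.
enabled = true
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
EOF
    printf '%s\n' "$WORKDIR/jail.local"
}

# Constructed syslog-style sshd lines: one host hammering, one host failing
# slowly (12 minutes apart), one successful key login the filter must ignore.
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:00:01 host sshd[1200]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2
Mar  3 10:00:03 host sshd[1200]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2
Mar  3 10:00:06 host sshd[1201]: Failed password for root from 203.0.113.10 port 51240 ssh2
Mar  3 10:00:09 host sshd[1201]: Failed password for root from 203.0.113.10 port 51240 ssh2
Mar  3 10:00:12 host sshd[1202]: Failed password for invalid user test from 203.0.113.10 port 51250 ssh2
Mar  3 10:00:15 host sshd[1203]: Accepted publickey for alice from 192.0.2.5 port 40000 ssh2
Mar  3 10:05:00 host sshd[1300]: Failed password for bob from 198.51.100.7 port 42000 ssh2
Mar  3 10:17:00 host sshd[1301]: Failed password for bob from 198.51.100.7 port 42002 ssh2
Mar  3 10:29:00 host sshd[1302]: Failed password for bob from 198.51.100.7 port 42004 ssh2
Mar  3 10:41:00 host sshd[1303]: Failed password for bob from 198.51.100.7 port 42006 ssh2
Mar  3 10:53:00 host sshd[1304]: Failed password for bob from 198.51.100.7 port 42008 ssh2
EOF
}

# Print each source IP that reaches maxretry ($1) failures within findtime
# ($2, seconds), once, in the order it would have been banned. This is a
# simplified stand-in for fail2ban's sshd filter plus the jail's counter;
# the real filter matches many more message variants and applies ignoreip.
ban_candidates() {
    awk -v maxretry="$1" -v findtime="$2" '
        /sshd\[[0-9]+\]: Failed password for .* from [0-9.]+ port/ {
            # $3 is HH:MM:SS; convert to seconds (all sample lines are one day).
            split($3, t, ":")
            now = t[1] * 3600 + t[2] * 60 + t[3]
            # The source address is the token after "from".
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            n[ip]++
            ts[ip, n[ip]] = now
            # Count this host'"'"'s failures that fall inside the window ending now.
            c = 0
            for (j = 1; j <= n[ip]; j++) if (now - ts[ip, j] <= findtime) c++
            if (c >= maxretry && !(ip in banned)) { banned[ip] = 1; print ip }
        }'
}

write_jail_local
sample_auth_log | ban_candidates 5 600
```

Run as written it prints the path of the generated jail.local and then 203.0.113.10, the only host that racks up five failures inside a ten-minute window; 198.51.100.7 fails just as often overall but never five times within findtime, which is exactly why findtime matters as much as maxretry when tuning a jail.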

Continue reading

Building MISP

This is part 3 of the TheHive/Cortex/MISP build. In this part we're installing MISP. The other articles in the series:

Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex
Part VIII - Integrate MISP to TheHive

Continue reading

Setup Reverse Proxy for TheHive

This is part 2 of the TheHive/Cortex/MISP build. In this part I'll add a reverse proxy in front of TheHive. The other articles in the series:

Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex

Continue reading

Building TheHive

This is the first post about my journey of standing up a TheHive/Cortex/MISP environment. The other posts in the series:

Part I - Building TheHive
Part II - Setup reverse proxy for TheHive
Part III - Building MISP
Part IV - Building Cortex
Part V - Adding analyzers to Cortex
Part VI - Setup reverse proxy for Cortex
Part VII - Integrate TheHive and Cortex
Part VIII - Integrate MISP to TheHive

Continue reading

Behind Quasar

Warning: dragons ahead. The following post is for educational purposes only. I intend to show what can happen if you get infected with a remote access tool (RAT) and just how easy it is to set up the command and control (C2) server. Don't attempt to analyse malware on a system you aren't prepared to destroy, and certainly do not attempt this sort of analysis on ANY system you are not authorised for!

Continue reading

Building Detection Lab in Aws Part II

With the local lab built, these are the instructions for getting Detection Lab into AWS.

How to stand up DetectionLab in AWS - Part II

Pre-requisites
Part I - Local install
Terraform installation

Export VMs as OVAs
Shut down each VM and open the VirtualBox GUI. Select each VM and choose File, Export Appliance. Select the VM to export, select the output file, and enter any additional product information.

Continue reading

Building Detection Lab in AWS

Recently I was made aware of a GitHub project by Chris Long named "Detection Lab", which allows blue teams to see what a particular piece of malware does in an environment and, conversely, allows the red team to see what breadcrumbs their tooling may leave behind. It's a four-server lab consisting of:

a Microsoft Windows AD server
Splunk logging
a Windows Event Forwarding server
a Windows 10 client machine

Off the back of last week's CyberGym training, and given that there are Terraform templates for this setup, I decided to give it a shot.

Continue reading

Setting Up Email via SES and Gmail

Email for the blog? Well, that was the next thing I wanted to tick off the list. Not only for the blog (I'm 99.99% certain I won't ever get an email), but I've always wanted to hand out throwaway email addresses when I attend conferences, just to see who's passing my address around. Luckily AWS has a service called Simple Email Service (SES) that is designed for just this use case.

Continue reading

Adding a Code Repo to the Blog

Now that I've established the blog, I'd like to proof-of-concept a Continuous Integration / Continuous Deployment (CI/CD) pipeline for it. It's something I know I'll be able to use in the future, and it's a valuable skill to have given that my line of work includes automation and scripting for both personal and professional reasons. Having the code stored in a git repository is the first step.

Continue reading

Acloudguru Serverless for Beginners

"Serverless for Beginners" is another lab-based course from the folks at A Cloud Guru. The course walks through building a video-transcribing service with a web front end, using Node.js and multiple cloud services. It's quite a cool little application; I'm not sure I have a real-world use for it, but any lab that gets me building with multiple technologies isn't a bad thing while I'm studying for the exams.

Continue reading

edX AWS Developer: Building on AWS

In my AWS studies I came across a course from edX titled "AWS Developer: Building on AWS". It's an awesome course that gives you hands-on experience with multiple AWS services. It's structured so that each week takes only a few hours to complete, and there are six weeks of content. If I recall correctly, as long as you are not "overly testing" your solution (which would have to be significant), you are unlikely to exceed the AWS free tier.

Continue reading

Adding SSL to S3 Static Website via Cloudfront

Now that I've moved the blog over to a serverless architecture, I thought I'd take the time to post how I went about enabling SSL and where to from here.

Simple Storage Service (S3)
Getting a static website up via S3 is super easy. Open the S3 console -> select your bucket -> Properties -> Static Website Hosting, and select "Use this bucket to host a website".

Continue reading