Managing Password Hygiene

According to a study by NordPass, the average user with an online presence has about 80-100 passwords. This explains to some degree why individuals tend to use easy passwords. Just take a moment to think about how many passwords you have. What’s the current state of your password hygiene? Do you use the same password … Read more

Email Spam: Forgotten Bitcoin

This is the first installment of a spam email series where I investigate what happens when you click on those links we security professionals keep telling you not to click on. I hope it provides some value to someone and keeps one less person from falling prey to these ever-prevalent schemes. Like most of you, … Read more

Detecting Default Meterpreter HTTPS Listeners

Meterpreter is an advanced payload within the well-known Metasploit Framework (MSF). We will look specifically at the reverse_https payload and see how we can detect the listener in our environment. I always tell my junior analysts to make sure they can detect the low-hanging fruit. For instance, most tools such as Metasploit and Cobalt Strike … Read more

Honeypot Diaries: Masscan

This blog post is the second installment of a series I want to use to cover lessons learned and interesting observations from my honeypots. These honeypots are geographically dispersed and have been running for a few years. Hopefully, this and future posts will add some value for someone. While looking over some of my honeypot … Read more

Setup and Securing Winlogbeat

Winlogbeat is a lightweight open-source Windows agent that uses the Windows API to ship different event logs to Logstash or Elasticsearch. I have been a Splunk user for quite some time, but I have started to also leverage the Elastic Stack at work and in my home lab. This post is for my reference and anyone trying to configure … Read more

Ingesting PCAP Files with Zeek and Splunk

Whenever I want to analyze a relatively small packet capture (PCAP), I load it up in Wireshark and get the job done. However, this process does not scale and becomes a problem with large-sized pcap files. Even if you split, let’s say, a 25 terabyte PCAP up into smaller chunks, can you imagine how long it would … Read more

Cryptocurrency Pump & Dumps

Cryptocurrencies like Bitcoin and Dogecoin have seen greater adoption by retail and institutional investors over the last year. I’m not going to get into the reasons for this, but the ubiquitous stories of crypto millionaires add to the fear of missing out (FOMO). I use Discord for a subset of my online collaboration, and that includes following some cryptocurrency … Read more

Detecting Tor communication

Tor (The Onion Router) is an internet communication network built on privacy and anonymity. Much of the attention that Tor receives comes from the malicious segment of users that leverage the Tor network to conduct attacks while concealing their location. This negative association and challenge in attribution have led most organizations to block traffic coming from … Read more

Using DoD Root Certificates with Git

Git clients perform certificate verification whenever you interact with a remote repository over TLS. Since the Department of Defense (DoD) certificates are not in most mainstream operating systems, the validation fails. The quick and insecure solution is to disable certificate verification globally: git config --global http.sslVerify false. Or you can also use the -c option, … Read more