Migrating Splunk Storage to S3 SmartStore

Splunk is a software technology that allows you to index, search, analyze, and visualize data at scale. I use it to ingest logs from my honeypots, homelab, and other projects. Initially, I had Splunk running in a local virtual machine where everything was fine except for the downtime, so I rapidly migrated it to an Amazon …

Managing Password Hygiene

According to a study by NordPass, the average user with an online presence has about 80-100 passwords. This explains to some degree why individuals tend to use easy passwords. Just take a moment to think about how many passwords you have. What’s the current state of your password hygiene? Do you use the same password …

Email Spam: Forgotten Bitcoin

This is the first installment of a spam email series where I investigate what happens when you click on those links we security professionals keep telling you not to click on. I hope it provides some value to someone and keeps one less person from falling prey to these ever-prevalent schemes. Like most of you, …

Detecting Default Meterpreter HTTPS Listeners

Meterpreter is an advanced payload within the well-known Metasploit Framework (MSF). We will look specifically at the reverse_https payload and see how we can detect the listener in our environment. I always tell my junior analysts to make sure they can detect the low-hanging fruit. For instance, most tools such as Metasploit and Cobalt Strike …

Honeypot Diaries: Masscan

This blog post is the second installment of a series I want to use to cover lessons learned and interesting observations from my honeypots. These honeypots are geographically dispersed and have been running for a few years. Hopefully, this and future posts will add some value for someone. While looking over some of my honeypot …

Setup and Securing Winlogbeat

Winlogbeat is a lightweight open-source Windows agent that uses the Windows API to ship different event logs to Logstash or Elasticsearch. I have been a Splunk user for quite some time, but I have started to also leverage the Elastic Stack at work and in my home lab. This post is for my reference and anyone trying to configure …

Ingesting PCAP Files with Zeek and Splunk

Whenever I want to analyze a relatively small packet capture (PCAP), I load it up in Wireshark and get the job done. However, this process does not scale and becomes a problem with large PCAP files. Even if you split, let’s say, a 25 terabyte PCAP up into smaller chunks, can you imagine how long it would …

Cryptocurrency Pump & Dumps

Cryptocurrencies like Bitcoin and Dogecoin have seen greater adoption by retail and institutional investors over the last year. I’m not going to get into the reasons for this, but the ubiquitous stories of crypto millionaires add to the fear of missing out (FOMO). I use Discord for a subset of my online collaboration, and that includes following some cryptocurrency …