Tracking SSH Brute-force Logins with Splunk

If you manage servers with OpenSSH access, you have no doubt been subject to the barrage of SSH brute-force attempts that occurs across the internet. Some administrators deal with this by changing the default port (security through obscurity), requiring public-key authentication, threshold blocking, or white-listing source IP addresses, among other things. AWS has security …
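Threshold blocking and the Splunk search the post is about both come down to the same detection logic: count authentication failures per source address inside a sliding time window, and treat a success that follows a burst of failures as the event worth paging on. The script below is an added example (not code from the original post) that runs that logic over a handful of constructed sshd log lines in the format found in /var/log/auth.log; the year is assumed to be 2024 because syslog timestamps do not carry one, and the threshold and window are assumptions you would tune to your own environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format sshd writes to /var/log/auth.log.
# 203.0.113.5 sprays passwords and then gets in; 198.51.100.7 is a user who
# mistyped once; 192.0.2.9 fails twice, 25 minutes apart (below any sane threshold).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:00:03 web1 sshd[2103]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:00:04 web1 sshd[2105]: Failed password for invalid user oracle from 203.0.113.5 port 51238 ssh2
Mar  3 10:00:06 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:00:07 web1 sshd[2109]: Failed password for root from 203.0.113.5 port 51242 ssh2
Mar  3 10:00:09 web1 sshd[2111]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Mar  3 10:01:10 web1 sshd[2113]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  3 10:01:15 web1 sshd[2115]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
Mar  3 10:05:00 web1 sshd[2117]: Failed password for invalid user test from 192.0.2.9 port 33000 ssh2
Mar  3 10:30:00 web1 sshd[2119]: Failed password for invalid user test from 192.0.2.9 port 33001 ssh2
"""

# Matches the two sshd lines that record an authentication decision.
# "invalid user" is optional: sshd prefixes it when the account does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_events(text, year=2024):
    """Turn raw auth.log text into a list of auth events with real timestamps.

    `year` is an assumption: classic syslog timestamps omit it.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd chatter ("Connection closed", etc.) is ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "ts": ts,
            "src": m["src"],
            "user": m["user"],
            "method": m["method"],
            "ok": m["result"] == "Accepted",
        })
    return events


def detect(events, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window brute-force detection.

    Returns (brute_force_sources, suspicious_logins):
      brute_force_sources: {src: most failures seen inside any single window}
      suspicious_logins:   [(src, user, ts)] for each success that was preceded,
                           within `window`, by at least `threshold` failures
                           from the same source (the "they got in" case).
    """
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    brute = {}
    suspicious = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["src"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()  # expire failures that fell out of the window
        if ev["ok"]:
            if len(q) >= threshold:
                suspicious.append((ev["src"], ev["user"], ev["ts"]))
            q.clear()  # a success ends the current burst
        else:
            q.append(ev["ts"])
            if len(q) >= threshold:
                brute[ev["src"]] = max(brute.get(ev["src"], 0), len(q))
    return brute, suspicious


if __name__ == "__main__":
    brute, suspicious = detect(parse_events(SAMPLE_LOG))
    for src, n in brute.items():
        print(f"brute force: {src} ({n} failures inside the window)")
    for src, user, ts in suspicious:
        print(f"SUCCESS AFTER BRUTE FORCE: {user} from {src} at {ts}")
```

Two design points carry over to the Splunk version. First, key the count on the source address, not the username: a password spray rotates users and would otherwise never cross a per-user threshold. Second, alert on the success-after-failures pair separately from the raw failure count; the failure count is noise you block, the pair is an incident you investigate.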

Raspberry Pi Centralized Log Server

Setting up a Pi to be a centralized log store is amazingly simple. If you are using Raspbian it comes with rsyslog installed by default, so all that's left is to set up the config and tailor log rotation. First, you should create a directory under /var/log for all the remote logs:

    sudo mkdir /var/log/central

Then edit the …
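The rest of the procedure is the rsyslog listener on the Pi, a forwarding rule on each client, and a logrotate stanza for the new directory. The fragments below are an added example, not the configuration from the original post: the hostname pi.example.net, port 514 and the per-host/per-program file layout are assumptions, and the rsyslog directives are the RainerScript forms shipped with Debian's rsyslog package.

```conf
# --- Pi (server): /etc/rsyslog.d/10-central.conf -------------------------
# Listen for remote syslog. UDP is what most embedded gear can send, but it is
# unauthenticated and trivially spoofable; TCP at least ties a line to a
# connection. Either way, firewall 514 to the subnets you expect logs from.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# One file per sending host and program under /var/log/central.
# omfile creates the host directories on demand.
template(name="RemoteHost" type="string"
         string="/var/log/central/%HOSTNAME%/%PROGRAMNAME%.log")

# Anything that did not originate on the Pi itself goes to the central tree
# and stops there, so it does not also land in the Pi's own /var/log/syslog.
if $fromhost-ip != "127.0.0.1" then {
    action(type="omfile" dynaFile="RemoteHost")
    stop
}

# --- Client: /etc/rsyslog.d/90-forward.conf -------------------------------
# Forward everything over TCP. Use protocol="udp" for hosts that cannot do TCP.
action(type="omfwd" target="pi.example.net" port="514" protocol="tcp")

# --- Pi (server): /etc/logrotate.d/central --------------------------------
/var/log/central/*/*.log {
    weekly
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    sharedscripts
    postrotate
        # make rsyslog close and reopen the rotated files
        /bin/kill -HUP $(cat /var/run/rsyslogd.pid 2>/dev/null) 2>/dev/null || true
    endscript
}
```

Restart rsyslog on both ends (`sudo systemctl restart rsyslog`) and check with `logger -t test "hello from client"` that a /var/log/central/<client>/test.log appears on the Pi. Two caveats a security-minded reader will want: remote hosts can write arbitrary hostnames into the `%HOSTNAME%` field, so the directory name is not proof of origin (the `%FROMHOST-IP%` property is), and plain syslog across anything but a trusted LAN should be wrapped in TLS (rsyslog's imtcp/omfwd support it via the gtls driver) because log lines routinely contain usernames and occasionally secrets.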

ELF Binary Disassembly

Let us take a tour through a disassembly dump of an ELF binary and see if we can reverse engineer it. The following output is a result of:

    mech@dev:$ gcc -o distut distut.c
    mech@dev:$ objdump -d distut|grep main

The reader is assumed to be familiar with the above output. I have removed the memory addresses …
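Reading an objdump listing by hand means mentally discarding the address and opcode-byte columns, splitting the dump into functions, and then hunting for the things that give the program away: which functions call which, and which constants are compared against. The script below does exactly that over a small constructed x86-64 objdump -d listing (a `check` function that tests its argument against 0x2a, and a `main` that calls it and `puts`). It is an added example and not code or output from the original post; the listing, function names and addresses are made up for illustration, but the column layout (tab-separated address, bytes, mnemonic, operands) is what GNU objdump prints.

```python
import re

# Constructed objdump -d output for a two-function binary. Columns are
# tab-separated exactly as GNU objdump prints them.
SAMPLE_OBJDUMP = (
    "0000000000001149 <check>:\n"
    "    1149:\t55                   \tpush   %rbp\n"
    "    114a:\t48 89 e5             \tmov    %rsp,%rbp\n"
    "    114d:\t89 7d fc             \tmov    %edi,-0x4(%rbp)\n"
    "    1150:\t83 7d fc 2a          \tcmpl   $0x2a,-0x4(%rbp)\n"
    "    1154:\t0f 94 c0             \tsete   %al\n"
    "    1157:\t0f b6 c0             \tmovzbl %al,%eax\n"
    "    115a:\t5d                   \tpop    %rbp\n"
    "    115b:\tc3                   \tret\n"
    "\n"
    "000000000000115c <main>:\n"
    "    115c:\t55                   \tpush   %rbp\n"
    "    115d:\t48 89 e5             \tmov    %rsp,%rbp\n"
    "    1160:\t48 83 ec 10          \tsub    $0x10,%rsp\n"
    "    1164:\tbf 2a 00 00 00       \tmov    $0x2a,%edi\n"
    "    1169:\te8 db ff ff ff       \tcall   1149 <check>\n"
    "    116e:\t85 c0                \ttest   %eax,%eax\n"
    "    1170:\t74 0c                \tje     117e <main+0x22>\n"
    "    1172:\t48 8d 3d 8b 0e 00 00 \tlea    0xe8b(%rip),%rdi        # 2004 <_IO_stdin_used+0x4>\n"
    "    1179:\te8 d2 fe ff ff       \tcall   1050 <puts@plt>\n"
    "    117e:\tb8 00 00 00 00       \tmov    $0x0,%eax\n"
    "    1183:\tc9                   \tleave\n"
    "    1184:\tc3                   \tret\n"
)

FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
# address, opcode bytes, mnemonic, optional operands. Continuation lines that
# carry only leftover bytes of a long instruction have no mnemonic and are skipped.
INSN_RE = re.compile(
    r"^\s*(?P<addr>[0-9a-f]+):\s+(?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2})*)\s+"
    r"(?P<mn>\S+)(?:\s+(?P<ops>.*?))?\s*$"
)
SYMBOL_RE = re.compile(r"<([^>+]+)")   # "<check>" or "<main+0x22>" -> symbol without offset
IMM_RE = re.compile(r"\$0x([0-9a-f]+)")


def parse_objdump(text):
    """Split a listing into {function name: [(addr, mnemonic, operands), ...]}."""
    funcs, current = {}, None
    for line in text.splitlines():
        header = FUNC_RE.match(line)
        if header:
            current = header.group(2)
            funcs[current] = []
            continue
        insn = INSN_RE.match(line)
        if insn and current is not None:
            ops = insn["ops"] or ""
            ops = ops.split("#", 1)[0].strip()  # drop objdump's "# 2004 <...>" annotations
            funcs[current].append((int(insn["addr"], 16), insn["mn"], ops))
    return funcs


def listing(insns):
    """The address-free view the post works from: 'mnemonic operands' per line."""
    return [f"{mn} {ops}".rstrip() for _, mn, ops in insns]


def call_graph(funcs):
    """{function: sorted list of symbols it calls}. Jumps are not calls."""
    graph = {}
    for name, insns in funcs.items():
        targets = set()
        for _, mn, ops in insns:
            if mn.startswith("call"):
                m = SYMBOL_RE.search(ops)
                targets.add(m.group(1) if m else ops)  # keep a raw target for indirect calls
        graph[name] = sorted(targets)
    return graph


def immediates(insns):
    """Immediate constants in order of appearance; the magic values a RE looks for first."""
    return [int(v, 16) for _, _, ops in insns for v in IMM_RE.findall(ops)]


if __name__ == "__main__":
    funcs = parse_objdump(SAMPLE_OBJDUMP)
    for name in funcs:
        print(f"{name}: calls {call_graph(funcs)[name]}, immediates {immediates(funcs[name])}")
        print("  " + "\n  ".join(listing(funcs[name])))
```

On the sample this immediately tells you the story the post reconstructs by eye: `main` loads 0x2a, hands it to `check`, and only reaches `puts` when `check` returns non-zero, while `check` is a single `cmpl $0x2a` against its argument.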

IBM M1015 9220-8i cross-flashed to LSI 9211-8i IT mode

Flashing a RAID card to a different firmware takes about five minutes; if you have never done it before, however, the research can take an order of magnitude longer. I spent about a day parsing all the blogs, forum posts, and subreddits that discuss flashing the LSI 9211 HBA firmware to IT mode on compatible …