Blue Team Tactics: Honey Tokens Pt. II

This is a multipart blog post, read part one and then continue here. We enabled filesystem auditing, created our audit template, and staged our honey tokens for deployment in part one. In part two, we will deploy the honey tokens and identify various methods for monitoring adversary interaction. Deploying honey tokens using PowerShell (PoSh) I … Read more Blue Team Tactics: Honey Tokens Pt. II

Raspberry Pi Centralized Log Server

Setting up a Pi to be a centralized log store is amazingly simple. If you are using Raspbian it comes with¬†rsyslog¬†installed by default, so all that’s left is to setup the config and tailor log rotation. First you should create a directory under /var/log for all the remote logs. sudo mkdir /var/log/central Then edit the … Read more Raspberry Pi Centralized Log Server