Detecting Default Meterpreter HTTPS Listeners

Meterpreter is an advanced payload within the well-known Metasploit Framework (MSF). We will look specifically at the reverse_https payload and see how we can detect the listener in our environment. I always tell my junior analysts to make sure they can detect the low-hanging fruit. For instance, most tools such as Metasploit and Cobalt Strike … Read more

Setup and Securing Winlogbeat

Winlogbeat is a lightweight open-source Windows agent that uses the Windows API to ship different event logs to Logstash or Elasticsearch. I have been a Splunk user for quite some time, but I have started to also leverage the Elastic Stack at work and in my home lab. This post is for my reference and anyone trying to configure … Read more

Replacing the Default Splunk Web SSL Certificate

This post  goes over how to sign a SplunkWeb Certificate Signing Request (CSR) using my Root CA in pfSense. I do not cover creating the Root CA. Step 1: Create the directory for the certificates splunk@siem:~$ mkdir /opt/splunk/etc/auth/certs Step 2: Generate the private key and temporary password splunk@siem:~$ cd /opt/splunk/etc/auth/certs splunk@siem:~$ splunk cmd openssl genrsa … Read more

Using OpenSSL and pfSense to sign a Subordinate Windows Enterprise Certificate Authority

Disclaimer: A Root CA trusted by Active Directory should not be trivialized. Make sure you know what you are doing when working with PKI. Take the time to study the technology before implementing it in production environments. There hasn’t been any extensive testing of this setup, so your mileage may vary. I have a pfSense Security Gateway … Read more