One of the many reasons I decided to deploy honeypots is to be able to observe attacker tactics, techniques, and procedures (TTPs). This blog post will share a frequently used tactic that attackers use to keep access once they have compromised one of my distributed honeypots. You may benefit from the rest of this content … Read more
This blog post is the second installment of a series I want to use to cover lessons learned and interesting observations from my honeypots. These honeypots are geographically dispersed and have been running for a few years. Hopefully, this and future posts will add some value for someone. While looking over some of my honeypot … Read more
Whenever I want to analyze a relatively small packet capture (PCAP), I load it up in Wireshark and get the job done. However, this process does not scale and becomes a problem with large-sized pcap files. Even if you split, let’s say, a 25 terabyte PCAP up into smaller chunks, can you imagine how long it would … Read more
Git clients perform certificate verification whenever you interact with a remote repository over TLS. Since the Department of Defense (DoD) certificates are not in most mainstream operating systems, the validation fails. The quick and insecure solution is to disable certificate verification globally. git config –global http.sslVerify false Or you can also use the -c option, … Read more
There are various wargaming sites such as SmashTheStack, OverTheWire, and IO Wargame that provide a platform for users to legally exploit real world software vulnerabilities. Source code is provided with a few of the challenges, which you can copy to a local research machine instead of working remotely. Keep in mind that the sites hosting … Read more
Whenever I stand up a new Linux machine, I always find myself doing the same four things: Creating my main user account Creating an ansible user account Configuring sudoers Copying over SSH Public Keys. Definitely, not something that evokes fun. I have tried various automation tools, but ansible has found a very special place in … Read more
Mounting disk images on Linux is fairly straight forward, however an image with a Logical Volume Manager (LVM) partition requires a little more attention. The first thing I do is find out some information about the image(s): root@box:# fdisk -l -o Device,Type,Size disk.img Device Type Size disk.img1 Linux 1G disk.img2 Linux LVM 952.9G -l lists … Read more
This is mostly a post to document my process of setting up Full Disk Encryption (FDE) using the Linux Unified Key Setup (LUKS) and the Logical Volume Manager (LVM). Most major distributions already enable this process at installation, however Slackware does not and it must be done by hand. I am going to use an … Read more
dnsmasq on Slackware 14.2 is compiled without D-Bus. lab$ dnsmasq -v | grep options Compile time options: IPv6 GNU-getopt no-DBus i18n no-IDN DHCP DHCPv6 <snip> … The logs show NetworkManager trying to start dnsmasq, but failing: dnsmasq[4466]: DBus not available: set HAVE_DBUS in src/config.h dnsmasq[4466]: FAILED to start up NetworkManager[3101]: <warn> dnsmasq exited with error: … Read more
UPDATED: I have created an all-in-one (AIO) version that includes nginx using TLS. Apache Guacamole is a client-less remote desktop gateway. I use it in order to access my lab when traditional methods are not available. Guacamole does not use agents or fancy plugins, you only need an HTML5 supported browser and you can access … Read more