Honeypot Diaries: Masscan

This blog post is the second installment of a series I want to use to cover lessons learned and interesting observations from my honeypots. These honeypots are geographically dispersed and have been running for a few years. Hopefully, this and future posts will add some value for someone. While looking over some of my honeypot … Read more

Ingesting PCAP Files with Zeek and Splunk

Whenever I want to analyze a relatively small packet capture (PCAP), I load it up in Wireshark and get the job done. However, this process does not scale and becomes a problem with large-sized pcap files. Even if you split, let’s say, a 25 terabyte PCAP up into smaller chunks, can you imagine how long it would … Read more

Using DoD Root Certificates with Git

Git clients perform certificate verification whenever you interact with a remote repository over TLS. Since the Department of Defense (DoD) certificates are not in most mainstream operating systems, the validation fails. The quick and insecure solution is to disable certificate verification globally. git config –global http.sslVerify false Or you can also use the -c option, … Read more

Stack Smashing at Home

There are various wargaming sites such as SmashTheStack, OverTheWire, and IO Wargame that provide a platform for users to legally exploit real world software vulnerabilities. Source code is provided with a few of the challenges, which you can copy to a local research machine instead of working remotely. Keep in mind that the sites hosting … Read more

Ansible User Account Provisioning

Whenever I stand up a new Linux machine, I always find myself doing the same four things:  Creating my main user account  Creating an ansible user account  Configuring sudoers  Copying over SSH Public Keys. Definitely, not something that evokes fun. I have tried various automation tools, but ansible has found a very special place in … Read more

Working with Raw LVM Disk Images

Mounting disk images on Linux is fairly straight forward, however an image with a Logical Volume Manager (LVM) partition requires a little more attention. The first thing I do is find out some information about the image(s): root@box:# fdisk -l -o Device,Type,Size disk.img Device Type Size disk.img1 Linux 1G disk.img2 Linux LVM 952.9G -l lists … Read more

Slackware LVM over LUKS

This is mostly a post to document my process of setting up Full Disk Encryption (FDE) using the Linux Unified Key Setup (LUKS) and the Logical Volume Manager (LVM). Most major distributions already enable this process at installation, however Slackware does not and it must be done by hand. I am going to use an … Read more

Using NetworkManager with DNSMasq and Slackware

dnsmasq on Slackware 14.2 is compiled without D-Bus. lab$ dnsmasq -v | grep options Compile time options: IPv6 GNU-getopt no-DBus i18n no-IDN DHCP DHCPv6 <snip> … The logs show NetworkManager trying to start dnsmasq, but failing: dnsmasq[4466]: DBus not available: set HAVE_DBUS in src/config.h dnsmasq[4466]: FAILED to start up NetworkManager[3101]: <warn> dnsmasq exited with error: … Read more

Migrating and Upgrading Apache Guacamole to Docker

UPDATED: I have created an all-in-one (AIO) version that includes nginx using TLS. Apache Guacamole is a client-less remote desktop gateway. I use it in order to access my lab when traditional methods are not available. Guacamole does not use agents or fancy plugins, you only need an HTML5 supported browser and you can access … Read more

AutoFS with DHCP Classless Static Route Option

My FreeNAS server is a virtual machine (VM) on my Dell r710 server. I mount my NFS and CIFS Shares using AutoFS and configure my static routes to the NAS using the DHCP Server on my pfSense Appliance.¬†AutoFS is software that uses the automounter of the Linux kernel to dynamically mount file systems on demand. … Read more