Blue Team Tactics: Honey Tokens Pt. II

This is a multipart blog post, read part one and then continue here. We enabled filesystem auditing, created our audit template, and staged our honey tokens for deployment in part one. In part two, we will deploy the honey tokens and identify various methods for monitoring adversary interaction. Deploying honey tokens using PowerShell (PoSh) I … Read more

Mounting NFS Shares in Windows Using Identity Mapping

Before we begin let us enable Services for NFS and both Sub Features. The typical way you will see an NFS share mounted in Windows involves mounting the remote file system using the anonymous (anon) user: mount -o anon \\\mnt\NAS0\media G: This will give you read only access based on the configured permissions of the … Read more

Raspberry Pi Centralized Log Server

Setting up a Pi to be a centralized log store is amazingly simple. If you are using Raspbian it comes with rsyslog installed by default, so all that’s left is to setup the config and tailor log rotation. First, you should create a directory under /var/log for all the remote logs. sudo mkdir /var/log/central Then edit the … Read more