Category Archives: Security

Increasing Applications and Services Event Logs size With regedit and GPO

January 28, 2020 Dan Leave a comment

Event logs contain important information for use in troubleshooting and information security investigations. Infrastructure and security teams should make make a conscious decision about retention of their important event logs so data is available on an endpoint when needed. The easiest way to set retention is to specify a max file size for the event log. After reaching this size, the oldest events will be overwritten with new.

Setting the max size of the standard Application, Security, Setup, and System event logs via GPO to standardize the settings across a domain is easy. But setting the max size for other logs, such as those under Applications and Services Logs → Microsoft within Event Viewer, is not as straight forward.

Continue reading →

Development, Security, Tools

Convert Windows Event Log .evtx to .csv

December 20, 2017 Dan 6 Comments

In my day job doing incident response, I find myself looking at a lot of Windows event logs. And I don’t know about the rest of you, but I do not find eventvwr.msc to be very user friendly to navigate and filter large files. If you are a XPATH master then sure, it’s probably just fine for you. I, however, am not.

I instead prefer to use the best incident response tool ever created – Microsoft Excel. Sorting, filtering, and searching is a snap!

Continue reading Convert Windows Event Log .evtx to .csv →

Security

dnscrypt-proxy as a forwarder for BIND

December 10, 2017 Dan Leave a comment

I’m always looking for ways I can add layers of encryption and security to my network and I recently came across the DNSCrypt project created by OpenDNS. This toolset and infrastructure encrypts DNS queries from your machine or network so that your ISP can’t snoop on them. I decided to set up dnscrypt-proxy as a forwarder on my home router so that all DNS traffic leaving my network is encrypted.

Continue reading dnscrypt-proxy as a forwarder for BIND →

Security, Tools, Uncategorized

Monitoring WordPress Brute Forcing with WordFence and Splunk

May 13, 2017 Dan Leave a comment

WordPress (this blog) is constantly being brute forced by bots that scan the internet looking for weak passwords. I wanted to better visualize these attempts. Here’s how I did it with Splunk.

Continue reading Monitoring WordPress Brute Forcing with WordFence and Splunk →

Security, Tools

Review your Google account for suspicious activity

May 6, 2017 Dan 1 Comment

After the massive phish targeting Google accounts this week, I’ve had some people ask me how to make sure their Google account is secure. Luckily, Google has built in some great features that help you assess your account security and keep it safe.

If you suspect someone has hacked your account, just changing your password is not enough. There are ways a hacker can maintain access to your account even after you change your password. Follow the below steps to review the state of your account.

Continue reading Review your Google account for suspicious activity →

Home Automation, Security

Session Key support for Arduino with RFM69 wireless module

March 15, 2015 Dan Leave a comment

Felix Rusu from lowpowerlab.com has created an amazing library for the Arduino/ATMega platform to use cheap RFM69 wireless modules for wireless transmissions between nodes. For a list of all the features, see his readme: https://github.com/LowPowerLab/RFM69. His Moteino platform and library are perfect for roll-your-own home automation systems, which is just what I am doing!

However, in my mind the library was lacking one critical piece – being able to prevent wireless replay attacks. Using Felix’s library, RFM69 transmissions can be encrypted in hardware, but the receiving node had no way of verifying that the incoming transmission was from a legitimate node and should be processed. If an attacker captured a sensitive packet as it flew through the air, such as one to open your garage door, they could replay it at a time of their choosing and trick your home automation system into opening the door.

TomWS on the lowpowerlab forum and I did some brain storming and he proposed modifications to the base RFM69 library to virtualize some functions, allowing them to be overloaded to create ‘extensions’. Using his modification, I wrote a transmission session key extension.

More after the break…

Continue reading Session Key support for Arduino with RFM69 wireless module →

Operating System, Security

ZFS on Linux with LUKS encrypted disks

October 13, 2014 Dan 46 Comments

WARNING: if you do this wrong or don’t understand the concepts, you risk losing your data. Be sure you know your way around linux and what you’re getting into before attempting!

To me, encryption of data at rest is just as important as encryption of data in transit. You never know if someone is going to break into your house and steal your computer. With so much personal information like financial data and pictures stored on the computer, it could be a major mess to recover from theft of your computer. (Of course, always keep an off-site backup for the really important stuff!)

I chose to migrate from the Solaris based OpenIndiana to Ubuntu. I had grown to love ZFS on OpenIndiana and didn’t want to lose its features. Luckily ZFS on Linux is now ready for prime-time! Unfortunately, ZFS on Linux is a few versions behind the official Oracle ZFS just like all other third part implementations of ZFS and does not support native encryption through the filesystem.

Continue reading ZFS on Linux with LUKS encrypted disks →

Operating System, Security

SSL Client Authentication Step By Step

May 7, 2014 Dan 10 Comments

SSL’s primary function on the Internet is to facilitate encryption and trust that allows a web browser to validate the authenticity of a web site. However, SSL works the other way around too – client SSL certificates can be used to authenticate a client to the web server. Think SSH public/private key pairs, if that is familiar to you. In this blog post I will outline the steps to create a certificate authority certificate, sign a server certificate and install it in Apache, and create a client cert in a format used by web browsers.

Continue reading SSL Client Authentication Step By Step →

Security, Tools

Install Thug on Kali Linux

March 14, 2013 Dan 8 Comments

EDIT: This post was originally written for Kali 1.0 in 2013. It was not tested on any later version.

I started this post with Backtrack, but since Kali Linux came out yesterday, I figured I would update the instructions to use the latest and greatest!

Thug is a low-interaction honeyclient put out by The Honeynet Project. The purpose of a honeyclient is to emulate a web browser when viewing malicious websites without actually visiting the page in a vulnerable browser. It can then follow redirects, pull down malware, and emulate browser plugins to pull down any of the malicious code trying to be served up to victims. You can read more about Thug here and here.

Continue reading Install Thug on Kali Linux →

Operating System, Security

The Security Onion – NSM in an ESXi VM

February 8, 2013 Dan 4 Comments

I’ve been hearing great things about the Security Onion project. It bundles up a whole bunch of great tools that can be used for Network Security Monitoring (NSM) so I thought I would give it a try on my home network. After all, next time the fiancé gets malware, it could be helpful to know what happened…

Continue reading The Security Onion – NSM in an ESXi VM →