Event logs contain important information for use in troubleshooting and information security investigations. Infrastructure and security teams should make make a conscious decision about retention of their important event logs so data is available on an endpoint when needed. The easiest way to set retention is to specify a max file size for the event log. After reaching this size, the oldest events will be overwritten with new.
Setting the max size of the standard Application, Security, Setup, and System event logs via GPO to standardize the settings across a domain is easy. But setting the max size for other logs, such as those under Applications and Services Logs → Microsoft within Event Viewer, is not as straight forward.
Continue reading Increasing Applications and Services Event Logs size With regedit and GPO
Powershell v2 lacks many of the commandlets that we have come to know and love on more modern versions. Every now and then, you just have to do something on Windows 7 and you can’t update Powershell.
Below is an example script to PUT a file to an Amazon S3 bucket using Powershell v2. The missing functionality is the ability to set the “Date” HTTP header when using [System.Net.HttpWebRequest]. Even though the docs state that it should be settable, it is not. The Date header is required for AWS to validate the client generated signature. Continue reading Upload to Amazon S3 from Powershell v2
In my day job doing incident response, I find myself looking at a lot of Windows event logs. And I don’t know about the rest of you, but I do not find eventvwr.msc to be very user friendly to navigate and filter large files. If you are a XPATH master then sure, it’s probably just fine for you. I, however, am not.
I instead prefer to use the best incident response tool ever created – Microsoft Excel. Sorting, filtering, and searching is a snap!
Continue reading Convert Windows Event Log .evtx to .csv
I’m always looking for ways I can add layers of encryption and security to my network and I recently came across the DNSCrypt project created by OpenDNS. This toolset and infrastructure encrypts DNS queries from your machine or network so that your ISP can’t snoop on them. I decided to set up dnscrypt-proxy as a forwarder on my home router so that all DNS traffic leaving my network is encrypted.
Continue reading dnscrypt-proxy as a forwarder for BIND
WordPress (this blog) is constantly being brute forced by bots that scan the internet looking for weak passwords. I wanted to better visualize these attempts. Here’s how I did it with Splunk.
Continue reading Monitoring WordPress Brute Forcing with WordFence and Splunk
After the massive phish targeting Google accounts this week, I’ve had some people ask me how to make sure their Google account is secure. Luckily, Google has built in some great features that help you assess your account security and keep it safe.
If you suspect someone has hacked your account, just changing your password is not enough. There are ways a hacker can maintain access to your account even after you change your password. Follow the below steps to review the state of your account.
Continue reading Review your Google account for suspicious activity
In part 1 we covered the hardware setup of my Raspberry Pi based timelapse camera. Now we tackle the software.
- Configurable image capture interval.
- Images are stored on a USB flash drive for easy retrieval.
- Only takes pictures during the day. Daytime is determined by the awesome sunwait utility that calculates sunrise and sunset based on latitude and longitude.
- The image capture script can be bypassed by flipping a switch connected to GPIO so you can boot into the OS.
- A log is written to keep track of battery voltage over time.
- The script is updated from the USB flash drive on every boot so you don’t need to manually boot into the OS every time you want to tweak the interval. Simply update the script on the flash drive and on second boot, you’ll be running the new code.
The couple scripts are written in bash and are available in my github here: https://github.com/dewoodruff/picam
Continue reading picam – Raspberry Pi battery powered timelapse camera – part 2 – software
Timelapse cameras are fun. I’ve done a few timelapse videos (like this one with a really crappy webcam driven by an original Eee PC laptop) and I have some ideas for other long term videos in the future, so I wanted a higher quality, more autonomous setup. My requirements:
- Waterproof so I can strap it to a tree for a few weeks
- Long battery life, so I can strap it to a tree for a few weeks
- Infinitely configurable delay between images depending on my goal for the video
- Easy to retrieve the images from it
- Don’t take pictures over night, because I’m lazy and don’t want to manually weed out black pictures. Sleeping over night means more battery life and less storage used too.
A Raspberry Pi seemed like a perfect platform. They are low power, they have camera module support, they’re small, and they’re cheap. With some extra hardware and scripting I can also turn it off between pictures to save even more power.
Here’s how I built it. Part 1 is the hardware setup and part 2 is the software.
Continue reading picam – Raspberry Pi battery powered timelapse camera – part 1 – hardware
Logrotate is a versatile tool for rotating logs. When logrotate is configured to rotate a set of logs using the ‘compress’ command, by default the gzip utility will be used. gzip is a good utility but you may have a need to use something else. My need is:
- Multi-gigabyte files need to rotate hourly or daily
- Rotation and compression was taking several minutes per file
- My CPUs were mostly idle
My solution was to use the pigz compression utility coupled with logrotate. pigz performs multithreaded gzip compression so some of the idle CPUs could be put to work. Here’s how to do it:
Continue reading Logrotate with alternate compression tool such as pigz
Felix Rusu from lowpowerlab.com has created an amazing library for the Arduino/ATMega platform to use cheap RFM69 wireless modules for wireless transmissions between nodes. For a list of all the features, see his readme: https://github.com/LowPowerLab/RFM69. His Moteino platform and library are perfect for roll-your-own home automation systems, which is just what I am doing!
However, in my mind the library was lacking one critical piece – being able to prevent wireless replay attacks. Using Felix’s library, RFM69 transmissions can be encrypted in hardware, but the receiving node had no way of verifying that the incoming transmission was from a legitimate node and should be processed. If an attacker captured a sensitive packet as it flew through the air, such as one to open your garage door, they could replay it at a time of their choosing and trick your home automation system into opening the door.
TomWS on the lowpowerlab forum and I did some brain storming and he proposed modifications to the base RFM69 library to virtualize some functions, allowing them to be overloaded to create ‘extensions’. Using his modification, I wrote a transmission session key extension.
More after the break…
Continue reading Session Key support for Arduino with RFM69 wireless module