Category Archives: Tools

Convert Windows Event Log .evtx to .csv

In my day job doing incident response, I find myself looking at a lot of Windows event logs. And I don’t know about the rest of you, but I do not find eventvwr.msc to be very user friendly to navigate and filter large files. If you are a XPATH master then sure, it’s probably just fine for you. I, however, am not.

I instead prefer to use the best incident response tool ever created – Microsoft Excel. Sorting, filtering, and searching is a snap!

Continue reading Convert Windows Event Log .evtx to .csv

Review your Google account for suspicious activity

After the massive phish targeting Google accounts this week, I’ve had some people ask me how to make sure their Google account is secure. Luckily, Google has built in some great features that help you assess your account security and keep it safe.

If you suspect someone has hacked your account, just changing your password is not enough. There are ways a hacker can maintain access to your account even after you change your password. Follow the below steps to review the state of your account.

Continue reading Review your Google account for suspicious activity

Logrotate with alternate compression tool such as pigz

Logrotate is a versatile tool for rotating logs. When logrotate is configured to rotate a set of logs using the ‘compress’ command, by default the gzip utility will be used. gzip is a good utility but you may have a need to use something else. My need is:

  • Multi-gigabyte files need to rotate hourly or daily
  • Rotation and compression was taking several minutes per file
  • My CPUs were mostly idle

My solution was to use the pigz compression utility coupled with logrotate. pigz performs multithreaded gzip compression so some of the idle CPUs could be put to work. Here’s how to do it:

Continue reading Logrotate with alternate compression tool such as pigz

Automated ESXi Backup Without Dependencies!

I use VMware’s ESXi in my home lab environment. If you’re a technologist that is always messing with operating systems and applications, it is really the only way to go. But along with running any systems comes maintaining good backups!

There are numerous VMware backup products on the market. The problem is they all cost money. For me and other people who just play with this stuff for fun, that is not desirable. At all.

Continue reading Automated ESXi Backup Without Dependencies!

Install Thug on Kali Linux

EDIT: This post was originally written for Kali 1.0 in 2013. It was not tested on any later version.

I started this post with Backtrack, but since Kali Linux came out yesterday, I figured I would update the instructions to use the latest and greatest!

Thug is a low-interaction honeyclient put out by The Honeynet Project. The purpose of a honeyclient is to emulate a web browser when viewing malicious websites without actually visiting the page in a vulnerable browser. It can then follow redirects, pull down malware, and emulate browser plugins to pull down any of the malicious code trying to be served up to victims. You can read more about Thug here and here.

Continue reading Install Thug on Kali Linux