Threat Intelligence Report- IOCs Weekly
These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis. Attacker Location: Connection By Country (20): 07_15_2020-IOC-COUNTRY.csv. Top attacking countries are China (23.12%), Ireland (15.26%), United States (7.84%), Russia (7.84%), …
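The "Connection By Country" table above is a per-country count and share of inbound honeypot connections. The following is an added example of how such a table can be produced from a connection log; it is not the report's own tooling. It assumes a log format of one line per connection ("timestamp src_ip dst_port") and stands in for a GeoIP lookup with a constructed IP-to-country table, both of which are assumptions, not details from the report.

```python
"""Added example (not the report's own code): rank honeypot connections by
source country and compute each country's share of the total, the kind of
summary the report's 'Connection By Country' CSV holds.

Assumptions (not from the page): the honeypot writes one line per inbound
connection as '<ISO timestamp> <src_ip> <dst_port>', and a GeoIP database is
stood in for by the constructed IP_TO_COUNTRY table below.
"""
from collections import Counter
import csv
import io

# Constructed sample log lines; timestamps and addresses are made up
# (TEST-NET ranges), and one line is deliberately malformed.
SAMPLE_LOG = """\
2020-07-15T00:01:02Z 203.0.113.10 22
2020-07-15T00:01:09Z 203.0.113.10 22
2020-07-15T00:02:11Z 198.51.100.7 445
2020-07-15T00:03:30Z 192.0.2.44 23
2020-07-15T00:04:00Z 203.0.113.88 22
2020-07-15T00:05:15Z 198.51.100.7 3389
2020-07-15T00:06:42Z 192.0.2.99 80
2020-07-15T00:07:01Z 203.0.113.10 2222
malformed line that should be skipped
"""

# Constructed stand-in for a GeoIP lookup; the country assignments are arbitrary.
IP_TO_COUNTRY = {
    "203.0.113.10": "China",
    "203.0.113.88": "China",
    "198.51.100.7": "Ireland",
    "192.0.2.44": "United States",
    "192.0.2.99": "Russia",
}


def parse_connections(text):
    """Yield (timestamp, src_ip, dst_port) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip anything that does not match the expected shape
        yield parts[0], parts[1], int(parts[2])


def connections_by_country(text, lookup=IP_TO_COUNTRY, top_n=20):
    """Return [(country, count, percent), ...] sorted by count, ties by name.

    Percentages are of all parsed connections, rounded to two decimals as in
    the report, so a long tail of countries may not sum to exactly 100.
    """
    counts = Counter()
    for _ts, ip, _port in parse_connections(text):
        counts[lookup.get(ip, "Unknown")] += 1
    total = sum(counts.values())
    if total == 0:
        return []
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]
    return [(country, n, round(100.0 * n / total, 2)) for country, n in ranked]


def to_csv(rows):
    """Render the ranked rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["country", "connections", "percent"])
    for country, n, pct in rows:
        writer.writerow([country, n, f"{pct:.2f}"])
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(connections_by_country(SAMPLE_LOG)))
```

Counting by country rather than by IP is what makes the weekly snapshots comparable: a single scanner cycling through a /24 would otherwise dominate an IP-ranked list while contributing only one row here.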
Tag: analysis
ELF Analysis- kiga.x86
In addition to my weekly threat intel report, I’ll highlight a file/executable/exploit attempt seen in the last week. I’ll do some basic file analysis to better understand what it is and what it’s trying to accomplish. Hopefully this can provide contextual data for those doing their own research. This week we’re looking at kiga.x86. Using …
Security Onion & Splunk: Alert Analysis Workflow/Examples
Security Onion & Splunk is set up successfully, everything is ingesting and properly alerting, but now what? That largely depends on your individual situation, but I can assume you’ll see some alerts and need to do an investigation. So this article will address how to use Security Onion & Splunk to perform an investigation on your …
Home Router- DMZ/Transparent Mode
The first Intro to Security Analysis- HomeIDS article focuses on configuring a home router for DMZ or transparent mode. This allows us to send all traffic destined for our public IP to an internal resource. This resource could be anything… a software-based firewall, or in my case, a Sophos Home hardware UTM. This allows …