Threat Intelligence Report- IOCs Weekly

These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis. Attacker Location: Connections by Country (20): 07_15_2020-IOC-COUNTRY.csv. Top attacking countries are China (23.12%), Ireland (15.26%), United States (7.84%), Russia (7.84%), …


Zeus Malware Analysis- Sophos UTM, Security Onion

I’ve posted about dynamic and automated analysis of the Zeus malware, but what about identifying Zeus from firewall & IDS logs? After executing Zeus, my Sophos UTM generated a few alerts. This is something that would absolutely stick out to me during daily log analysis. Drilling into the alert tells us threat “C2/Zaccess-A” attempted to …


Security Onion & Splunk: Alert Analysis Workflow/Examples

Security Onion & Splunk is set up successfully, everything is ingesting and properly alerting, but now what? That largely depends on your individual situation, but I can assume you’ll see some alerts and need to do an investigation. So this article will address how to use Security Onion & Splunk to perform an investigation on your …


Setup IDS at Home- Security Onion 2020

Security Onion is probably the best IDS tool any InfoSec analyst can familiarize themselves with. It has a load of open-source tools that every organization should have deployed in some form. Whether it’s Snort IPS, Zeek IDS, OSSEC HIDS or using Security Onion to search your logs in Elasticsearch, you can easily deploy and start …


Setup SIEM @ Home with Splunk & Security Onion

Published: May 2, 2020. In this article, I’ll go over installing Splunk on top of Security Onion, which we installed in my last post: Setup HomeIDS. I don’t recommend installing your log management system on the same machine as your IDS in production, but it’s great for easy analysis, development or a POC. First thing is …


Setup Port Mirroring and VLANs at Home- Managed Switch

A switch capable of port mirroring and VLAN tagging is an essential purchase for every home lab. For your home IDS to work, you’ll need to mirror network traffic traversing the switch to a dedicated port. This switch port should be connected to a NIC dedicated as the sniffing interface for your IDS. In future …


Intro to Security Analysis- Home Lab: SIEM, IDS & Threat Intel

I decided to write a series of articles detailing how you can practice the basic skills needed to be an Information Security Analyst. If you’re looking to get into the InfoSec field, and blue team/threat hunting sounds interesting, these articles should guide you through setting up your home IDS & Threat Intel lab. Every …
