Talking Technical Security. All the stuff I find interesting and enjoy. Covering Protective Monitoring, Penetration Testing, Network Security Monitoring, Forensics, and Incident Response. Go deep!
Entropy in a given character set
This is a python program to work out the Bits of Entropy for a given character set for a specific password size. In other words how random can a password be at a specific size when drawn from a range of characters.
In this post I wanted show how a Squid Proxy could be used with OpenDNS to provide a simple but effective security for home or small business. This blog post was inspired by the SANS course SEC530 Security Architecture & Engineering which leads to the GIAC Defensible Security Architecture (GDSA) certification. This is a great course for anyone looking to develop and improve their 'full stack' defensive posture. Monitoring is by courtesy of SOF-ELK , one of the many tools by those nice people at SANS . SOF-ELK is used in a few SANS course including FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response , and SEC555 SIEM with Tactical Analytics . OpenDNS Enterprise is now Cisco Umbrella , however, the OpenDNS Home service is available for free and small businesses can use the Prosumer services for a modest fee. The fist step is to install a CentOS 7 minimal and then apply the latest updates. In order to use the OpenDNS Home service I inst
Why tunnel SSH through a proxy server? An attacker could use this technique as an initial reverse connection or to enhance their capability once they have a foothold on a system. It allows an attacker to create an outbound connection using secure-shell (SSH) protocol utilising a proxy server to bypass firewall restrictions that would prevent native ssh port (TCP Port 22) reaching the Internet. Once an outbound connection via SSH is established a reverse tunnel can be created to provide the attacker access back into the environment using a graphical interface such as RDP or VNC. Tunnel out using a proxy server Setup the tunnel The Squid Proxy is configured to use the CONNECT method for HTTPS (SSL/TLS) only by default as it could not otherwise relay the encrypted protocol. The use of the CONNECT method is considered unsafe and generally the only port it would be configured for is 443 So one thing the attacher must do, is to configure the end point SSH server to listen on port 44
I’ve been using Security Onion (SO) a lot lately, exploring the many great features of this awesome distro. Security Onion provides IDS either through Snort or Suricata as well as many other excellent network security monitoring tools such as Squert, Bro, NetworkMiner, Xplico, and many others. SO also has great open source IDS front end monitoring tools, Sguil and Snorby built in. I like using a VM on my desktop machine running Security Onion as my monitoring station, whilst deploying the Security Onion on my VMware ESXi lab server. I’m going to cover my test lab set up a little in this article for anyone interested in setting up their own. One of things I love about using VMWare in the test lab is that gives you the ability to build a complete virtual network with different security zones, firewalls and IDS/IPS systems. Not to mention the fact that I couldn’t possibly have ten’s of servers deployed in my home office space, something I can easily do with just a couple of machine