Talking Technical Security. All the stuff I find interesting and enjoy. Covering Protective Monitoring, Penetration Testing, Network Security Monitoring, Forensics, and Incident Response. Go deep!
Entropy in a given character set
This is a Python program to work out the bits of entropy for a given character set at a specific password length. In other words, it shows how random a password of a given length can be when its characters are drawn from a given range.
I’ve been using Security Onion (SO) a lot lately, exploring the many great features of this awesome distro. Security Onion provides IDS through either Snort or Suricata, as well as many other excellent network security monitoring tools such as Squert, Bro, NetworkMiner, Xplico, and many others. SO also has great open source IDS front-end monitoring tools, Sguil and Snorby, built in. I like using a VM on my desktop machine running Security Onion as my monitoring station, whilst deploying Security Onion sensors on my VMware ESXi lab server. I’m going to cover my test lab set-up a little in this article for anyone interested in setting up their own.
One of the things I love about using VMware in the test lab is that it gives you the ability to build a complete virtual network with different security zones, firewalls and IDS/IPS systems. Not to mention the fact that I couldn’t possibly have tens of servers deployed in my home office space, something I can easily do with just a couple of machine…
About netsa SiLK
SiLK provides a way to capture NetFlow and interrogate flow data. It can be used for a variety of purposes including situational awareness, forensics and anomaly detection.
Before installing SiLK, examine the prerequisites for the build. I’m using a CentOS 6.3 minimal install with a virtual machine disk of 100GB in total and a separate partition for /data of about 60GB. The virtual machine will be allocated 4GB of RAM and 2 virtual processors.
Configure the network settings for your lab environment. In order to use YUM for installing software, the lab system will require access to the Internet.
Download the following source code files from the netsa CERT project home page:
libfixbuf-1.2.0.tar.gz
netsa-python-1.3.tar.gz
silk-2.5.0.tar.gz
yaf-2.3.2.tar.gz
Copy the required packages to the /usr/local/src directory. If you are using scp to copy over the packages, don’t forget to run ‘yum install openssh-clients’ first on the server.
Start by updat…
Why tunnel SSH through a proxy server?
An attacker could use this technique as an initial reverse connection or to enhance their capability once they have a foothold on a system. It allows an attacker to create an outbound connection using the secure-shell (SSH) protocol via a proxy server to bypass firewall restrictions that would prevent the native SSH port (TCP port 22) reaching the Internet. Once an outbound SSH connection is established, a reverse tunnel can be created to provide the attacker access back into the environment using a graphical interface such as RDP or VNC.
Tunnel out using a proxy server
Setup the tunnel
The Squid proxy is configured to use the CONNECT method for HTTPS (SSL/TLS) only by default, as it could not otherwise relay the encrypted protocol. The use of the CONNECT method is considered unsafe, and generally the only port it would be configured for is 443. So one thing the attacker must do is configure the endpoint SSH server to listen on port 443.
Creating th…