Talking Technical Security. All the stuff I find interesting and enjoy. Covering Protective Monitoring, Penetration Testing, Network Security Monitoring, Forensics, and Incident Response. Go deep!
Entropy in a given character set
This is a python program to work out the Bits of Entropy for a given character set for a specific password size. In other words how random can a password be at a specific size when drawn from a range of characters.
In this post I wanted show how a Squid Proxy could be used with OpenDNS to provide a simple but effective security for home or small business. This blog post was inspired by the SANS course SEC530 Security Architecture & Engineering which leads to the GIAC Defensible Security Architecture (GDSA) certification. This is a great course for anyone looking to develop and improve their 'full stack' defensive posture. Monitoring is by courtesy of SOF-ELK , one of the many tools by those nice people at SANS . SOF-ELK is used in a few SANS course including FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response , and SEC555 SIEM with Tactical Analytics . OpenDNS Enterprise is now Cisco Umbrella , however, the OpenDNS Home service is available for free and small businesses can use the Prosumer services for a modest fee. The fist step is to install a CentOS 7 minimal and then apply the latest updates. In order to use the OpenDNS Home service I inst
Recently I have been doing far more AppSec work in Agile, Lean environment. I also took the SANS SEC 540 course Cloud Security and DevSecOps Automation which has lots of really great exercises but I like to try to create some of my own examples. In this one I wanted to create a CI/CD (Continuous Integration/Delivery) pipeline that integrates Static Analysis Software Testing (SAST) and Software Composition Analysis (SCA) and finally some Postman testing of API endpoints that include negative test (more on this later). To start with I needed some example code so I found an example and adapted it to my own needs. The code along with the other supporting files like the Jenkinsfile can found on my GitHub under Planetary-API . Please note, I don't claim to be the best coder in the world :-) I chose an API partly for simplicity of the examples and partly because there are things I wanted to explore further later in terms of bearer authentication and the use of JWTs (for another project
About netsa SiLK SiLK provides a way to capture netflow and interrogate flow data. It can be used for a variety of purposes including situational awareness, forensics and anomaly detection. Installing SiLK Prerequisites Before installing SiLK examine the perquisites for the build. I’m using CentOS 6.3 minimal install with a virtual machine disk of 100GB in total with a separate partition for /data of about 60GB. The virtual machine will be allocated 4GB of RAM and 2 virtual processors. Configure the network settings for your lab environment. In order to use YUM for installing software the the lab system will require access to the Internet. Download the following source code files from the netsa CERT project home page libfixbuf-1.2.0.tar.gz netsa-python-1.3.tar.gz silk-2.5.0.tar.gz yaf-2.3.2.tar.gz Copy the required packages to the /usr/local/src directory. If you are using scp to copy over the packages dont’ forget ‘yum install openssh-clients’ first on the serv