My buddy Aamir Lakhani wrote a guide on how to install a Security Onion setup with Snort and Snorby. You can find the original on his blog at www.drchaos.com or HERE
Security Onion is a Linux distribution for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. Security Onion is a platform for monitoring your network for security alerts. It’s simple enough to run in small environments without much trouble, and it lets advanced users deploy distributed setups suited to enterprise networks. Continue reading →
My buddy who wrote the Kali Linux book with me released another short book on setting up XenMobile. I was one of the reviewers for this and believe it is a great guide for anybody looking to configure a new XenMobile environment. You can find the book HERE as well as at Amazon, Barnes & Noble or other online resellers.
Mobile Device Management, or MDM, has become a very popular topic following the explosion of the smartphone and tablet market (more on this found HERE). Everybody seems to own a range of mobile devices, which makes provisioning wireless access and maintaining security an ongoing challenge. To address this demand, a handful of vendors have developed mobile device management solutions that provide device provisioning, security controls and other capabilities. Continue reading →
I had an article published in PenTest Magazine earlier this year. Enough time has passed that I’m now able to post the entire article on my blog. You can find the original article in the PenTest Mag Extra titled Backtrack Compendium at http://pentestmag.com/. Continue reading →
For those not following recent technology news, Cisco just acquired Sourcefire for 2.7 billion dollars. This has generated a ton of interest in Sourcefire, and it’s something I’ve been getting hammered with questions about over the last few weeks as a Cisco engineer responsible for security. As a result, I’m posting a summary of what Sourcefire is all about.
NOTE: Expect changes as Cisco and Sourcefire merge. Also assume I may be off on some areas as I’m still learning the technology. Continue reading →
Here is an interesting post from Billy Austin found on www.drchaos.com HERE
What 3rd party apps do remote workers have installed?
Remote workers are nothing new, but hunting down employees on the go and assessing their devices can be a task in and of itself. With the increase in cyber incidents triggered by remote connectivity and insecure 3rd-party apps, one would think these devices would be in scope for the quarterly security and compliance checkup scans. After speaking with security and auditing colleagues, it proved to be quite the opposite. Continue reading →
Here is a really cool post by the Chaos Computer Club, found on Dr. Chaos’s blog (the two are not associated with each other), about bypassing Apple Touch ID. For those watching the new iPhone releases, this is a major feature of the iPhone 5s. The original post can be found HERE
First, the fingerprint of the enrolled user is photographed at 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed at 1200 dpi onto a transparent sheet with a thick toner setting. Finally, pink latex milk or white wood glue is smeared into the pattern created by the toner on the transparent sheet. After it cures, the thin latex sheet is lifted from the transparency, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used, with minor refinements and variations, against the vast majority of fingerprint sensors on the market.
It is very interesting to see what the FBI could use to monitor your computer behavior. Keyloggers are typically associated with cyber criminals; however, it seems that the FBI leverages similar tactics (which totally makes sense … why limit the best tactics to the malicious users). Keyloggers such as Magic Lantern install themselves as a rootkit, meaning they burrow into the core of the system, which makes them difficult to detect and remove. One interesting note some sources are calling out about the FBI version is that it is whitelisted by anti-virus vendors, meaning commercial security products are designed not to remove it. This means you are on your own when it comes to detecting and removing this software. Continue reading →
My Lab – ASA5515, W520 (hosting ISE, NCS, Lancope, WSA and ESA), 3560 8-port switch, 2504 Controller + AP
I recently picked up an ASA5515 with a solid state drive to support the next-generation firewall features, also known as ASA CX. This post will explain how to build an ASA CX home lab. I found limited troubleshooting documentation, so hopefully my lessons learned will help you avoid my mistakes. I will stop once I can access the ASA and the CX via their direct GUIs and ASDM management. I will do another post on adding the ASA/ASA CX to PRSM, along with a features overview, as a Part 2. Continue reading →