- Wazuh: When things go wrong
  Wazuh is a great EDR (Endpoint Detection and Response) system. It's free and easy to set up, which I've covered in another post. You may set up a Wazuh server and forget about it. Or perhaps you've lost track of it and get it back online only to discover the UI isn't loading.…
- CSRF Exploitation
  CSRF is a type of vulnerability where a request (POST) originates from a different domain (ORIGIN) than the target. If a vulnerable site allows another domain to send a request, it will be processed. The request would be crafted to make a change to a user account, and the trick is to get a user…
- ZAP and its terrifying problems
  I really want to use ZAP. It's free, it's good, but I have some significant issues with it that give me grave concerns about its usage. Attacking Out of Scope Targets: I have a site I test for work. It's in a test environment. The web application has links to Google APIs, Mozilla libraries, etc.…
- Getting Data on Usernames
  As an OSINT investigator, knowing a person's usernames is like knowing their aliases. Oftentimes people reuse the same username as an alternate ID, and this makes profiling and data gathering a bit easier. One caveat: a user may use a username shared by others, but if it's very specific then there's less chance of pollution.…
- Installing GHunt
  In a recent post, I discussed the data leakage that can occur from public reviews and ratings. This is especially concerning when paired with a tool like GHunt. GHunt can be viewed from another perspective as a tool for investigators. If you get a Gmail address during an investigation of an event or target, that email…
- Getting Info on Gmail Accounts
  A lot of us balance privacy concerns vs. usability, and in that regard some (maybe most?) are unaware of the data that can be obtained from their Gmail account. Gmail makes use of a Google identifier (Gaia ID), which stores publicly shared data. This data can be reviews, check-ins, or various forms of geotagging…
- Wazuh Install and Maintenance
  To date I've installed Wazuh three different ways: Beyond the core install there is also the email setup and some maintenance elements that must be completed, namely configuring the index lifecycle. Without configuring regular deletion of indexes once they reach an age limit, the hard disk will fill up over time. All this will…
- Security Setup at work, home or to learn
  There are a lot of tools for security. The tools that get the most attention are perhaps offensive ones, but defensive tools and skillsets are very much needed. In this article, I wanted to mention the security measures that I would put in place if I were to jump into a team that had little to…
- EDR [WAZUH]
  EDR (Endpoint Detection and Response) is a valuable security layer. While Antivirus protects the system against known threats (in theory), and an IDS (Intrusion Detection System) protects a network against threats, the EDR monitors known endpoints (computer, server, etc.) in a network. The EDR installs an agent on each device in the network and relays…
- GVM – Package Scanning
  According to the GVM documentation, when you set up a scanner you can add credentials and escalated privileges. The purpose of these credentials is to allow administrative/root access to a machine in order to scan the installed packages. Version information for all installed packages is then cross-referenced against known CVEs. The result is a…