GVM – Package Scanning
According to the GVM documentation, when you set up a scanner you can add credentials and escalated privileges. The purpose of these credentials is to allow administrative/root access to a machine, in order to scan the installed packages. Version information of all installed packages is then cross-referenced against known CVEs. The result is a…
Hack The Box [HTB] Review
At the time of this writing, I’m a bit on the fence with HackTheBox.com. On one hand they offer VMs, training and certifications for a very decent price. On the other hand, I found the support to be lacking and the lessons to be wrong in various instructions, and it left me frustrated at times. Pricing…
Hack The Box: Issues with Net Cat
Going through some material at Hack the Box (HTB), I came across various lessons that I couldn’t get past. I’m not fluent in NetCat, and it comes in many different variations, so I got stumped by the content of the course. The course content details setting up a listener using NetCat. The methodology, however, isn’t…
ParrotOS: Fix Sherlock
The existing version of ParrotOS has a bug with the social media lookup app Sherlock. Specifically, the version of Sherlock installed on ParrotOS (0.14.0) won’t run; it requests that you upgrade to 0.14.3. This upgrade can’t be done through apt, as ParrotOS will only pull down 0.14.0. To fix this, we need to download…
ElastAlert2 To Process ELK Notifications
Yelp created a repository to aid in the processing of notifications from ELK logs. This repo went dormant, but a fork of it, ElastAlert2, has replaced it. For me, this is personally an amazing application. I can get notifications without having to buy into a commercial license.
Setup
Source: https://elastalert2.readthedocs.io/en/latest/running_elastalert.html#as-a-python-package
It requires Python 3.11+. If…
ELK: Creating an HTTP Status Code Graph
Having a graph showing HTTP status codes over time is incredibly useful. A stacked bar graph can show an increase or decrease in one status code (such as the 500 level), which is extremely useful at a glance. Consider the graph depicted at the top of this article. We’re going to make that, but we’ll need access to…
Elastic’s Pricing Problem
I really love Elastic and their product lineup. They have some amazing options, and the fact you can get started for FREE is a very strong plus. As a SIEM, the ELK stack (Elastic, Logstash, Kibana) is snappy, responsive, and consistent. Once I set up the index rotation, I never have a problem with stability. But…
Obsidian Notes
I am a consummate note taker. For me, my blogs are themselves giant notebooks. When I take notes I’ve used tools like EverNote and, more recently, Obsidian. Obsidian is a lightweight note-taking application that can interweave your notes, creating relationships between them. It all starts with the vault. A vault is a central…
OSINT Toolkit
Developer dev-lu has created a web application called the “OSINT Toolkit.” While I feel the name is a mismatch to its functionality, this is still a very useful little application. With a tiny modification in the docker-compose.yml, it can be stood up on a server and used to investigate potential threats. It’s also very lightweight…
Elastic: Managing Memory
When I first stood up ELK on my home server, and later at the office on a VM, the impact of memory didn’t dawn on me. While my work situation needed more memory for more processing, my home environment was getting pummeled by the 50% memory consumption. According to Elastic documentation, their use of…