GVM – Package Scanning
According to the GVM documentation, when you set up a scanner you can add credentials and escalated privileges. The purpose of these credentials is to allow administrative/root access to a machine in order to scan the installed packages. Version information for all installed packages is then cross-referenced against known CVEs. The result is a ...

Hack The Box [HTB] Review
At the time of this writing, I’m a bit on the fence with HackTheBox.com. On one hand they offer VMs, training and certifications for a very decent price. On the other hand, I found the support to be lacking, the lessons to be wrong in various instructions, and it left me frustrated at times. Pricing ...

Hack The Box: Issues with Net Cat
Going through some material at Hack the Box (HTB), I came across various lessons that I couldn’t get past. I’m not fluent in NetCat, and it comes in many different variations, so I got stumped with the content of the course. The course content details setting up a listener using NetCat. The methodology, however, isn’t ...

ParrotOS: Fix Sherlock
The existing version of ParrotOS has a bug with the social media lookup app Sherlock. Specifically, the version of Sherlock installed on ParrotOS (0.14.0) won’t run; it requests that you upgrade to 0.14.3. This upgrade can’t be done through apt, as ParrotOS will only pull down 0.14.0. To fix this, we need to download ...

ElastAlert2 To Process ELK Notifications
Yelp created a repository to aid in the processing of notifications from ELK logs. This repo went dormant, but a fork of it, ElastAlert2, has replaced it. For me, this is personally an amazing application: I can get notifications without having to buy into a commercial license.
Setup
Source: https://elastalert2.readthedocs.io/en/latest/running_elastalert.html#as-a-python-package
It requires Python 3.11+. If ...

ELK: Creating a HTTP Status Code Graph
Having a graph showing HTTP status codes over time is incredibly useful. A stacked bar graph can show an increase or decrease in one status code (such as the 500 level), which is extremely useful at a glance. Consider the graph depicted at the top of this article. We’re going to make that, but we’ll need access to ...

Elastic’s Pricing Problem
I really love Elastic and their product lineup. They have some amazing options, and the fact you can get started for FREE is a very strong plus. As a SIEM, the ELK stack (Elastic, Logstash, Kibana) is snappy, responsive, and consistent. Once I set up the index rotation I never have a problem with stability. But ...

Obsidian Notes
I am a consummate note taker. For me, my blogs are themselves giant notebooks. When I take notes I’ve used tools like EverNote and, more recently, Obsidian. Obsidian is a light-weight note-taking application that can interweave your notes together, creating relationships between notes. It all starts with the vault. A vault is a central ...

OSINT Toolkit
Developer dev-lu has created a web application called the “OSINT Toolkit.” While I feel the name is a mismatch to its functionality, this is still a very useful little application. With a tiny modification in the docker-compose.yml, it can be stood up on a server and used to investigate potential threats. It’s also very light-weight. ...

Elastic: Managing Memory
When I first stood up ELK on my home server, and later at the office on a VM, the impact of memory didn’t dawn on me. While my work situation needed more memory for more processing, my home environment was getting pummeled by the 50% memory consumption. According to Elastic documentation, their use of ...