- Hunchly: OSINT Capturing Utility
  Let me tell you about my favorite little browser extension: Hunchly. Hunchly is an extension that works in Chromium-based browsers (Brave, Chrome, Chromium). Once added, you use the desktop app to set up a new case. Then in the browser extension, you pick the case you want to capture to. Once set, the browser extension…

- OSINT: Sofia’s Exercise #3
  In this exercise, Sr. Analyst Sofia Santos asks us to name and give the location of an image. The image in question is one of two people (looks like people of importance) shaking hands. We’re even given the headline for the photo, “Somalia President makes first International State visit to Turkey.” Reference to Sofia Santos’ Exercise…

- OpenCTI: A Brief Intro
  Another security tool I recently came across is OpenCTI. OpenCTI is a Cyber Threat Intelligence platform. What that means is that it crowdsources data from various partners and visualizes the dynamically changing relationships of these security events. Your own data can be pulled in as well, to find interconnections with data reported from a variety…

- Maltego: A Brief Intro
  I had no idea of the scope of power that Maltego brought to OSINT (open source intelligence) until recently. If you’re unfamiliar with the term OSINT, it is a process of passive data collection and analysis. Without using any active scans or intrusions, data is collected instead from the public sector. “Couldn’t I just google it,”…

- OSINT: Sofia’s Exercise 6
  A very impressive Sr. OSINT analyst/investigator is Sofia Santos. She posts videos on YouTube about discovering the truth about image and video data. She also manages a blog that has (among other things) OSINT exercises. Some, well most, of her exercises are very challenging. However, exercise #006 is tagged as “easy.” Check it out below, and…

- ELK ILM
  ELK uses a watermark: when disk space reaches X% (90% I believe), it stops performing and shuts down services. For this reason it’s important to have a good sense of data maintenance. How long do you need your data? 5 days? 7 days? 30 days? How much disk space do you have available to you?…

- ELK Migration Woes: PUT values without Kibana
  I’ve been upgrading my home ELK stack from 7.17.* to 8.7.*. In the process I got to a state where elasticsearch was running, filebeat was running, but Kibana was failing. Doing a systemctl status kibana reported something about cluster.routing.allocation.enable needing to be set to 'All'. Looking this up got me to this ElasticSearch…

- Easier Ways to install GVM (OpenVAS)
  Early in the year a leader in the DevOps team at my job asked me if I wouldn’t mind taking on a project in my free time. The project was to install GVM (formerly known as OpenVAS) on a VM, which would target key systems for security audits. Our goal was also to set up an…

- QA Lab Monitoring with ELK
  I got into the ELK (Elasticsearch, Logstash, Kibana) stack when I started working with an IDS called Suricata. I needed a front end to discern the data events happening on the network, and ELK was a natural fit for Suricata. ELK provides a way of shipping and analyzing data from various sources. Data events…

- Monitor Third Party Front-End Libraries
  It’s always useful to keep track of what JS or CSS libraries are being pulled into the front end by hosted third parties. Examples could be CDNs. While there are services that charge for this monitoring, this can be accomplished with an open source stack. The goal: a web server’s access logs will make mention of…

Recent Posts
- Wazuh: When things go wrong
- CSRF Exploitation
- ZAP and its terrifying problems
- Getting Data on Usernames
- Installing GHunt
Tags
App Archive.org CSRF dashboard EDR elasticsearch elk email Exercise EXIF filebeat GHunt Google Earth gvm IDS kibana logic Maltego OpenCTI openvas OSINT owasp philosophy Reporting Reverse Image Search scanner suricata Wazuh ZAP