Browsed by
Month: December 2018

Security Onion, Zeek, and RITA vs. PowerShell C2
Onion-Zeek-RITA

Onion-Zeek-RITA

Comments 0 Comment

This research is also available for download from the SANS Reading Room. I’ve included the link below. Feel free to add comments or ask questions on this website even if you download the paper from the SANS Reading Room. Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity Changelog26Dec2018 – Originally posted6Jan2019 – Added link to SANS Reading Room Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity Abstract The information security industry is predicted to exceed 100 billion dollars in the…

Read More Read More

proxmox and pfsense
pfSense VLANs on Proxmox

pfSense VLANs on Proxmox

Comments 4 comments

Proxmox is a server virtualization management platform. In many ways, it is an open-source version of ESXi for VMware. While Proxmox is growing on me, the documentation is a bit on the short side and/or in many cases flat out wrong because it has changed so much. I found this out when trying to virtualize pfSense and I was playing around with VLANs. One source said to do it this way, another said something completely different. The kicker is that…

Read More Read More

pfsense logo
SSHGuard settings on pfSense

SSHGuard settings on pfSense

Comments 3 comments

Something that always annoyed me when performing a vulnerability scan on a pfSense system was the alerts it triggered. Basically, the vulnerability scanner would attempt to bruteforce SSH logins, which would trigger the sshguard protections, placing the IP address in the sshguard table (Diagnostics -> Tables), producing 100’s of firewall block messages, etc. Dec 3 16:22:37 – Int: em0 Type: block Prot: tcp Src: 192.168.1.8:38553 Dest: 192.168.1.1:22 Tracker: 1000000301 – block drop in log quick proto tcp from <sshguard:1> to…

Read More Read More