Browsed by
Category: infosec

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and, more importantly, malvertising. It essentially provides functionality similar to the pi-Hole project, except it doesn’t require a separate piece of hardware. Instead, you just use your pfSense + pfBlockerNG! If you’re interested in a write-up on installing/configuring the pi-hole on Ubuntu, I have one here. Please note this walkthrough is for the devel version of pfBlockerNG. The pfBlockerNG-devel package is in the standard list of available packages…

Cybersecurity Awareness Slide Deck v.1.1 & Video

After spending months putting together our cybersecurity awareness training, in September of 2019 we released version 1.0 of our slide deck. We released the slide deck as free and open-source so anyone can download the content and take it back to their own community (organization, library, and other events). Since then, it has been recommended/shared by numerous security professionals on social media and at some of the world’s largest security conferences. By March 2020, it was downloaded thousands of times and…

Installing pi-hole on Ubuntu 18.04 LTS

In this guide, I will walk through how to install and test the pi-hole on Ubuntu and, more specifically, Ubuntu Server. These same instructions may work on Ubuntu Desktop, but I strongly suggest Server. Why Ubuntu instead of a Raspberry Pi? I love Raspberry Pis and I probably own at least 10 of them. But sometimes I want to perform DNS blocking/blackholing and I either a) don’t have a Raspberry Pi in an environment or b) I have a virtual environment…

Configuring Quad9 on pfSense

Quad9 is a DNS platform that adds several layers of security. It does this via standard DNS queries/responses. Basically, if a machine on your network queries a known bad hostname, the Quad9 DNS server responds by stating that the domain does not exist (NXDOMAIN, or non-existent domain). Quad9 also allows you to use DNS over TLS. If you would like a bit more info on Quad9 including some speed benchmarks against other DNS services, I would suggest an earlier article, Quad9 – First…

Installing OpenVAS (GVM) on CentOS 7

This is a walkthrough for installing and configuring OpenVAS (GVM) on CentOS 7. OpenVAS (Open Vulnerability Assessment System) is an open-source vulnerability scanner. Greenbone has deprecated OpenVAS version 9 and version 10 is now known as Greenbone Vulnerability Manager (GVM). Likewise, the new rpms are called ‘greenbone-vulnerability-manager’ and ‘gvm-libs’, which replace the ‘openvas’ and ‘openvas-libraries’ rpms. If you are upgrading from 9 to the latest version, you may lose your previous tasks and reports, so beware! Also, if you are…

All Cybersecurity Is Not Created Equal

I love telling stories about some of the things I’ve seen or done because it helps align mere talking points (or theory) to reality. This is a story I’ve told and presented on several times. It always resonates with the audience and businesses so I figured I would share it here. I was approached by a friend who works in the healthcare space. He asked me to perform a security assessment and light penetration test of his business. My immediate…

Cybersecurity Awareness – Open Source Presentation & Slides

Get Active In Your Community

My company spent months putting together high-quality cybersecurity awareness training material. We reached out to numerous professionals for feedback — information security, IT, and otherwise. We presented the material several times both publicly and behind closed doors. We continued (continue) tweaking the material based on attendee and professional feedback. Now… We’re giving it away for free! Why? At the end of the day, we are just one company. No matter how awesome we think we…

Bypass DNS Controls with DNS over HTTPS (no bootstrap required)

I have a love/hate relationship with DNS over HTTPS (DoH). While I see its usefulness for those who live in less than savory political conditions, I also see it causing huge headaches for sysadmins — shadow IT, pen testers and hackers bypassing controls, etc. Nonetheless, this is a walkthrough for those interested in bypassing in-place DNS controls with DoH and *not* using a bootstrap address. Changelog: 18Feb2019 – Originally posted. Many articles discuss how to configure a browser (specifically Firefox) for…

Onion-Zeek-RITA

This research is also available for download from the SANS Reading Room. I’ve included the link below. Feel free to add comments or ask questions on this website even if you download the paper from the SANS Reading Room. Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity. Changelog: 26Dec2018 – Originally posted; 6Jan2019 – Added link to SANS Reading Room. Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity. Abstract: The information security industry is predicted to exceed 100 billion dollars in the…

pfSense VLANs on Proxmox

Proxmox is a server virtualization management platform. In many ways, it is an open-source version of ESXi for VMware. While Proxmox is growing on me, the documentation is a bit on the short side and/or in many cases flat out wrong because it has changed so much. I found this out when trying to virtualize pfSense and I was playing around with VLANs. One source said to do it this way, another said something completely different. The kicker is that…
