Browsed by Tag: blueteam

Shadow Brokers Dump And Best Practices

Well, that’s a weird title, right? Now that the dust has settled to some degree, let’s look at a not-so-obvious takeaway from the latest security news that simultaneously set everyone’s hair on fire. The latest Shadow Brokers dump is bad on so many different levels. Let’s not concentrate on the potential levels of government and private industry collusion our guts told us existed, but we weren’t sure of. Even now, Microsoft is claiming the vulnerabilities were fixed as part of a…

Using pfBlockerNG (And Block Lists) On pfSense

If you are also interested in pfBlockerNG (DNSBL) for ad and malvertising blocking, I have a walk-through on it here: Blocking Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL). In a previous post, I talked about implementing blocklists (aka IP reputation lists, ban lists, blacklists, etc.) generically on nearly any firewall to improve your security. The examples I used were on pfSense and OPNsense. I also discussed the methodology and some background as well, so if you’re just coming into…

Using Firewall Block Lists

Changelog: 28Feb2017 – Originally posted; 19Mar2017 – Added firehol_level3 section; 15Feb2018 – Added outbound/LAN rule section.

This guide is primarily for anyone using a firewall other than pfSense. If you are using pfSense, I would strongly suggest following my guide written specifically for pfSense (and pfBlockerNG). That guide replicates/mirrors much of the work below and also adds to it: https://linuxincluded.com/using-pfblockerng-on-pfsense/

IP reputation lists (aka IP blacklists, ban lists, block lists, etc.) are fairly plentiful and some are better (more IPs…

Uncovering Indicators of Compromise

This is the “newest” version of a paper and script I originally wrote as part of my SANS gold paper for the GCCC certification. The paper re-write was primarily in preparation for my presentation of the topic at the 2016 Nagios World Conference… Unfortunately, the conference was canceled. <sigh> Nonetheless, the paper now covers version 6 of the Critical Security Controls instead of 5.1.

Changelog: 6October2015 – Originally posted; 16October2016 – Updated for version 6 of CSCs.

The original paper in PDF…

Stop CEO/CFO Domain Spear Phishing

Pretty bold title… While it is nearly impossible to stop any motivated attacker/phisher, I also believe in doing every bit you can to improve your environment, and these steps will go a long way toward helping your situation. I will talk about two primary ways to put an end to CEO/CFO spear phishing. Realize upfront that you should not do one step without the other. I will also talk about the ins and outs of these techniques as well as some of…