Rogue System Detection with Splunk

November 7, 2014

This Splunk search alerts you when Bro sees an IP address it has not seen before. The alert needs two inputs: the bro_known_hosts log and a CSV listing every allowed IP address. Set up the CSV as an automatic lookup table. The automatic lookup is keyed on the host (securityonion) and […]
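The post's own alert is a Splunk search, and its text is cut off above. As an added example, not code from the original post, the same detection logic in plain Python: parse Bro's known_hosts.log, load the allowed-IP CSV, and report every host Bro saw that is not on the list. The log lines and the CSV are constructed samples; the allowlist accepts CIDR prefixes as well as single addresses, which goes beyond the plain IP list the post describes.

```python
import csv
import io
import ipaddress

# Constructed sample of Bro's known_hosts.log (tab-separated, with Bro's
# usual "#" header lines). Not taken from the original post.
SAMPLE_KNOWN_HOSTS = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tknown_hosts
#fields\tts\thost
#types\ttime\taddr
1415318400.123456\t192.168.1.10
1415318460.654321\t192.168.1.23
1415318520.000001\t10.0.0.5
1415318580.000002\t192.168.1.10
1415318640.000003\t2001:db8::7
"""

# Constructed allowlist CSV. The column name "ip" is an assumption; the post
# does not say how its CSV is laid out.
SAMPLE_ALLOWED_CSV = """ip,description
192.168.1.10,file server
192.168.1.0/24,workstation LAN
"""


def parse_known_hosts(text):
    """Yield (ts, host) pairs from Bro known_hosts.log text.

    Column positions come from the '#fields' header rather than being
    hard-coded, so a log with extra columns still parses correctly.
    """
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#fields"):
                fields = line.split("\t")[1:]
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        row = dict(zip(fields, line.split("\t")))
        yield row["ts"], row["host"]


def load_allowlist(csv_text):
    """Parse the allowed-IP CSV into a list of ip_network objects.

    Single addresses become /32 (or /128) networks, so CIDR prefixes and
    plain IPs are handled the same way. A malformed entry raises instead of
    being skipped: a silently dropped entry would either hide a rogue host
    or flood the alert with false positives.
    """
    nets = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        nets.append(ipaddress.ip_network(row["ip"].strip(), strict=False))
    return nets


def is_allowed(host, allowlist):
    """True if host falls inside any allowlisted network.

    ip_network's __contains__ returns False across IPv4/IPv6 versions, so an
    IPv6 host is never accidentally matched by an IPv4 prefix.
    """
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in allowlist)


def find_rogue_hosts(known_hosts_text, allowlist_csv_text):
    """Return [(host, first_seen_ts), ...] for every host Bro saw that is not
    allowlisted, ordered by first sighting, each host reported once."""
    allowlist = load_allowlist(allowlist_csv_text)
    first_seen = {}
    for ts, host in parse_known_hosts(known_hosts_text):
        if host in first_seen or is_allowed(host, allowlist):
            continue
        first_seen[host] = ts
    return sorted(first_seen.items(), key=lambda kv: float(kv[1]))


if __name__ == "__main__":
    for host, ts in find_rogue_hosts(SAMPLE_KNOWN_HOSTS, SAMPLE_ALLOWED_CSV):
        print(f"rogue host {host} first seen at ts={ts}")
```

Reporting each host once, keyed on first sighting, is what keeps this usable as an alert: known_hosts.log records a host every time Bro starts tracking it again, and re-alerting on every repeat line would bury a genuinely new machine in noise.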


pfSense, Squid, and Splunk free

March 14, 2014

pfSense and Squid

I am continuously impressed with the amount and quality of free software that is available on the internet. pfSense is an open source firewall based on FreeBSD with a web-based interface and easily added packages. It has most standard firewall features, but also includes advanced features such as VPN, captive portal, […]


Home or Small Office SIEM with OSSIM

March 30, 2011

For the past couple of weeks, I have been working with OSSIM (Open Source Security Information Management). OSSIM is a collection of tools that together provide a detailed view of the network: an IDS, a vulnerability scanner, an uptime monitor, and more. I installed the 32-bit version of OSSIM (the 64-bit did not work on my […]



April 18, 2010

I wanted to increase my security skills by setting up my own honeypot and inspecting the results. A honeypot is a computer set up to lure an attacker away from valuable resources and to let you observe what the attacker does. I started my honeypot with Apache, MySQL, PHP, SSH, and Postfix. I set up a simple WordPress installation and the ability to […]


Security Operations Center

April 8, 2010

At work, a coworker and I have been setting up a mini security operations center. I call it mini because it is really just a Snort and Nagios installation. We started with a basic Snort installation and added BASE and Barnyard. BASE is not very fun to look at, so we added Snoge, which […]


Fun with Steganography Update

October 8, 2009

Last time I posted about steganography it didn't work out very well. I only found free programs that could handle .gif and .bmp files. Thanks to some additional googling I was able to find a free steganography program that handles .jpeg files. It is old, but it works. The name of it is 1-2- Free […]


Portable Apps

March 6, 2009

At work we have been discussing Portable Apps. Portable Apps is a launcher you install on a USB flash drive that runs other programs from the drive. This is very useful when you are on the road and need your favorite program, but don't have time to download and install it. We used Portable Apps to install Thunderbird […]



March 4, 2009

I tried my hand at winlockpwn and was successful in bypassing a Windows XP SP3 login screen. I was not able to get the exploit to work on a Vista SP1 machine, though. It seems the exploit has lost momentum. I wonder if anyone will update it for Windows 7. I used BackTrack 3 live […]