• Subscribe to the low volume list for updates.

Blog

Security News

Detection of Log4j Vulnerability

On the 9th of December 2021, the world became aware of a critical RCE vulnerability in the Log4j open source package that is buried in the software stacks of many organisations (CVE-2021-44228). Versions of Log4j2 >= 2.0-beta9 and
Read More
1 month ago
Security ResearchTools

Extend DetectionLab with Linux Endpoints

DetectionLab is a fantastic project by Chris Long for quickly deploying a Windows Domain-based test environment with Linux-based Security Information Event Management (SIEM). See our DetectionLab Tutorial or check out the project page for more information. In this post, I detail how to easily deploy additional Ubuntu Linux-based servers into the DetectionLab environment. The idea […]
Read More
4 months ago
Security ResearchTools

Build a Cyber Security Lab with DetectionLab

DetectionLab and Vagrant DetectionLab by Chris Long makes this initial configuration a piece of cake. It is quite simply amazing; if DetectionLab was thrown into a 1RU box with blinking lights (Lockeed/Boeing/Raython) would probably sell this thing as a Cyber Range for 7+ figures. The DetectionLab will run on many operating systems and Hypervisors, but, […]
Read More
4 months ago
Security ResearchTools

osquery Linux Tutorial and Tips

Install osquery on Ubuntu Linux Originally developed by Facebook, osquery is a well-supported and documented tool. It has straightforward installation steps for a variety of operating systems and Linux distributions. In this tutorial, we will focus on installation on Ubuntu from the official repository. If you are using Fedora or other Linux distros the initial […]
Read More
5 months ago
Tools

ClamAV Antivirus for Linux Tutorial

ClamAV Antivirus is an open source malware detection tool. In this tutorial we cover getting started with ClamAV and common use cases. Through various configuration profiles it is able to perform real time filesystem detection, ad hoc file scanning, mail gateway filtering and http proxy scanning. These use cases only scratch the surface of what […]
Read More
8 months ago
Site UpdatesTools

DNS Tools

DNS Enumeration Searching for DNS records and DNS related information is an important part of reconnaissance for a penetration tester. Obtaining information on DNS servers and DNS records provides the Pen Tester/Red Team/Attacker with a deeper understanding of the organisations network. With DNS, it is not a 'one tool fits all' situation. You will need […]
Read More
1 year ago
Security Research

Fortune 1000 Technology Insights

By using common Internet Security reconnaissance techniques, it is possible to develop insights into technologies used by the Fortune 1000 companies. A look at the technology stack of the companies main website, the Internet email gateway services, and the external name servers used by the companies primary domains provides a glimpse into the IT infrastructure. […]
Read More
1 year ago
Security BreachesSecurity NewsSecurity Research

Attacking and Enumerating Joomla

Discover the tips and techniques used to attack and break into Joomla based websites. An understanding of these hacker techniques will enable you to be prepared to keep your sites secure. Additionally, penetration testers or red teams needing to exploit Joomla targets will also find practical hints in this guide. Enumeration | Recon 1. Joomla […]
Read More
1 year ago
Security News

Download Top 1 Million Sites

Data sets of the top 1 million Internet sites are simply compiled lists of web sites (or domains) that are found to have the most traffic. What follows are some of the most popular and well known data sets of the Top 1 Million Sites. Depending on the methodology used, the results can have significant […]
Read More
2 years ago
Security ResearchTools

Install Suricata on Ubuntu 18.04 in 5 minutes

Building a network-based intrusion detection capability can be done in just 5 minutes. Install Suricata to monitor network traffic and look for security events that can indicate an attack or compromise. Suricata is based around the Snort IDS system, with a number of improvements. Suricata performs multi-threaded analysis, natively decode network streams, and assemble files […]
Read More
2 years ago