• Subscribe to the low volume list for updates.

Archives of Security Research

Maltego Transforms

Creating Local Maltego Transforms for our DNS reconnaissance tools has been on my to-do list for a while now. I am happy to say they are now available and it is a sweet way to perform infrastructure mapping from a domain. What is Maltego? Maltego is a cross-platform application for performing link analysis. Discover relationships […]
Read More

Cowrie Honeypot on Ubuntu

What is Cowrie Cowrie is the new fork of the Kippo Honeypot. It has been updated with new features and provides emulation that records the session of an attacker. With this session recording, you get a better understanding of the attackers tools, tactics, and procedures - TTPs. TTPs being a term that is increasingly being […]
Read More

20 Open Source Security Tools for Blue Teams

20 Essential tools for Blue Teams   1. Nmap   2. OpenVAS   3. OSSEC   4. Security Onion   5. Metasploit Framework   6. OpenSSH   7. Wireshark   8. Kali Linux   9. Nikto 10. Yara 11. Arkime (formerly Moloch) 12. ZEEK (formerly Bro-IDS) 13. Snort 14. OSQuery 15. GRR - Google Rapid Response 16. ClamAV 17. Velociraptor 18. ELK Stack | […]
Read More

16 Offensive Security Tools for SysAdmins

Security Professionals use Offensive security tools for testing and demonstrating security weaknesses. Systems Administrators and other IT professionals will benefit from having an understanding of the capabilities of these tools. Benefits include preparing systems to defend against these types of attacks and being able to identify the attacks in the case of an incident. This […]
Read More

Enable OSSEC Active Response

Many OSSEC users start with Active response disabled to ensure the OSSEC agent does not affect the server, especially when running in a live production environment. However, once you have an understanding of the number of alerts and types of alerts you are seeing, it is a good idea to enable Active response. Blocking is […]
Read More

Proxy your Phone to Burp

In this guide we configure Burp Suite to proxy all the traffic from your phone, tablet or other wifi device. As a bonus you will also have full access to all the WIFI packets for consumption by Wireshark or your traffic analysis tool of choice.  Use this traffic analysis technique to hunt bug bounties in […]
Read More

Quietly Mapping the Network Attack Surface

When assessing the network security of an organization it is important to understand the breadth of the attack surface. A single forgotten host or web application in the network will often become the initial foothold for an attacker. Passively Mapping the Network Attack Surface Using open source intelligence (OSINT) techniques and tools it is possible […]
Read More

tshark tutorial and filter examples

tshark is a packet capture tool that also has powerful reading and parsing features for pcap analysis. Rather than repeat the information in the extensive man page and on the wireshark.org documentation archive, I will provide practical examples to get you started using tshark and begin carving valuable information from the wire. Tshark examples Use […]
Read More

WordPress Security Testing with Nmap

With the popularity of WordPress as a publishing platform, security testing is an important part of ensuring the installation is secure. Nmap has a couple of NSE scripts specifically for the testing of WordPress installations. Using those scripts as a base I have developed a couple more that expand the capabilities of using Nmap to […]
Read More

28 Days After Drupal Exploit

Last month a critical Drupal security exploit was released. Critical vulnerabilities in the core of content management systems are not as common as they once were, as can be seen in the amount of media coverage that this one generated. Using a custom Nmap NSE script I surveyed the top 10 thousand sites that are […]
Read More