A blog about data driven security and malware analysis.
Today I wanted to do a blog post on a malicious Microsoft Word Document that I pulled down from http://iec56w4ibovnb4wc.onion, this is @0xffff0800 repository of malware. It is definitely an excellent resource of malware. So far from what I can tell in my analysis is that this Word document is a downloader, but with that […]
Read More MagicHoundAPT34 Word Doc AnalysisToday I wanted to cover some command-line tips and tricks I’ve learned over the years to help me filter and analyze pcap files. The tools I will be using for this are TCPDump and TShark. The pcap I will be using is from https://www.malware-traffic-analysis.net. If you haven’t checked out this site yet you should because […]
Read More PCAP Command-line Tips & TricksSo in this blog post I wanted to talk about my approach to hunting on the network. I won’t delve into collection of the data, but instead this will be a situation where you have a packet capture already and you don’t know where to start. So depending on the size of the packet capture […]
Read More Threat Hunting Snippets for the NetworkThese are fascinating times we find ourselves in as security professionals, never has there been so much information at our fingertips on how to do our jobs in creative and outside the box ways! It’s literally like being Neo in the Matrix, you can find and follow bona fide rockstars such as Matt Graeber, Will […]
Read More 3 Steps to Improve Your SecurityIn this post we are going to install Logstash to finish up our Elasticsearch server. So let’s start. First thing we will do is install Logstash. sudo apt-get update && sudo apt-get install logstash Now we will create our Logstash configuration file to be able to receive event logs from our Windows endpoints with Winlogbeat […]
Read More Elasticsearch Stack Install Part 3 LogstashSo we will be picking up where we left off. We have already installed Elasticsearch so if you have not completed that step yet, Part 1 is here. On with Kibana… Step 1 Install Kibana: sudo apt-get update && sudo apt-get install kibana Next we will connect the server to our localhost like we did with Elasticsearch. […]
Read More Elasticsearch Stack Install Part 2 KibanaSo in this blog post I am going to start a series of posts dealing with installing the Elasticsearch stack and then using Winlogbeat to forward Windows event logs and Filebeat to forward bro logs and then finally we will build out some cool visualizations and dashboards. I will be installing the Elasticsearch stack on […]
Read More Elasticsearch Stack Install Part 1 Elasticsearch