Category Archive: Security

ISC2 Exam Developer Workshop

I just participated in an invitation-only ISC2 Exam Developer Workshop. The workshop gave me an insider’s perspective on how diligent ISC2 is in providing exams that help qualified candidates within the information security field distinguish themselves amongst their peers. During this workshop, I was among a group of information security professionals that was galvanized to
Read More …

Success with rsyslog

For a while now, I’ve been hearing complaints about rsyslog’s configuration format. syslogd-style configuration syntax has a reputation for being difficult to read. Understandably, this has caused a preference for syslog-ng, with some going as far as ripping out rsyslogd, the default syslog implementation, and replacing it with syslog-ng. In this post, I hope to
Read More …

Extending Splunk Stream Vocabularies using IPFIX

Splunk Stream, NetFlow and IPFIX

One of my favorite tools in my Splunk arsenal is Splunk Stream. Splunk Stream allows you to capture and analyze network traffic, and then index that data in Splunk. It works great for analyzing DNS, email, DHCP and more. But what if you have your own types of traffic that you
Read More …

A look back at Shmoocon 2017 from the FNG

As winter picks up its stride and the cold temps become the norm, you look at the calendar and realize Shmoocon is here. This was my first time attending and I didn’t know what to expect. Just the ticket process alone was an event…that I missed out on. But luckily the Aplura family had my
Read More …

Metadata, the Constitution, and You

Having recently completed my second excursion into the wonderment that is Shmoocon, I’ve come away with a slightly perplexing quandary. I attended a talk titled “The Metadata is the Message”. This talk was at the same time both entertaining and very informative. Given by Matt Blaze, he not only describes the technical background of wiretapping,
Read More …

Bringing an Intern to ShmooCon

Hacking. Lock picking. Cracking code. The buzzwords found in Hollywood films were actually happening at Shmoocon. This hacking convention brought a crowd with a unique talent for computing together, and the outcome was one that was unforgettable. Walking around the conference was a whole experience in itself. People from all different areas of the security
Read More …

Create Better Correlation Searches

Splunk Enterprise Security comes with 60 correlation searches. Depending on your data, some of these searches are a little noisy and create too many Notable Events. In this article I’m going to show you how to modify a correlation search to narrow the focus, and create a smaller number of higher
Read More …

Diving into Email Headers

I’ve been meaning to revisit something I spent a good deal of time on in a past life. Email headers can be a valuable source of intelligence when combating anything from basic spam all the way to targeted phishing campaigns. In my experience, even sophisticated attackers do not make much of an attempt to vary items
Read More …

Aplura Security Assessment: The Situation – Mid-Sized Application provider

Commercial Application Provider

Manages and maintains a web-based HR solution for US Federal entities. All software and data are hosted on Application Provider systems.

Federal Guidelines

The Application Provider, as a commercial entity, does not fall under Federal regulatory compliance requirements; however, their customers require similar standards. The Application Provider, in preparation for a new very
Read More …