Laskowski-Tech
Category: logging

Opnsense and SSL decryption using sslsplit

Posted on March 29, 2020 by admin

Today, as more and more traffic continues to move to an encrypted world, you might think that traditional NSM (Network Security Monitoring) has gone out the window. There is a good deal of truth to that, and that has made things like

Posted in dfir, logging, monitoring

Wazuh/Ossec for detecting Web App Attacks – Router/Camera Malware Edition

Posted on October 20, 2018 by admin

So this past month I have set up the Wazuh fork of OSSEC across my infrastructure and have begun to play with its capabilities. Part of my infrastructure includes web servers, and I was happy to see while reviewing the alert feed

Posted in analysis, logging, malware, web server

Updates to the good old HIDS Ossec-Wazuh

Posted on September 25, 2018 by admin

So back in the day I began working with OSSEC, the open source host-based intrusion detection system. OSSEC has been running since around 2008, and has been shepherded by Trend Micro since 2009. I ran the base package for some years, but

Posted in dfir, logging, monitoring, soc

Blazescan v 1.3 updates

Posted on July 21, 2018 by admin

Update time: I added a few additional features to blazescan. One requested feature was the ability to email a report produced by blazescan; this has been added to the -m flag. The mail address is set in the blazescand.conf file. Additionally a

Posted in logging, malware, monitoring, web server

No Fuss FOSS – building a Free and Open Source SoC

Posted on July 11, 2018 (updated July 12, 2018) by admin

So I am speaking again; this time I am presenting on my workflow for incident response using free and open source tools. I'll update this after the talk, but for those attending, here is the link to the slides: https://laskowski-tech.com/downloads/FOSSv1.pdf

Posted in analysis, logging, malware, monitoring, web server

Searching for Drupal CVE-2018-7600 Compromises

Posted on April 24, 2018 by admin

So if you haven't heard the news, the Drupal Core Team released a critical patch back in March to close a Remote Code Execution vulnerability. In the beginning of April, scanning started and POC exploits became available. At this time, if you

Posted in logging, malware, web server

Snort rule generator and updated Monero Miner Rules

Posted on February 5, 2018 by admin

So this morning I wanted to update the original Snort crypto-miner rules in my minerchk tool. I thought it would be nice to create detection based on all of the domain and IP addresses that I've uncovered using the infection

Posted in cryptomining, logging, pfsense

pfSense and Graylog for NetFlow collection and Analysis

Posted on September 20, 2017 (updated January 9, 2018) by admin

Hello, I love Network and Infosec, but my current role doesn't get me too hands-on in the two, so at home I've deployed pfSense, a powerful free and open source router/network operating system, and Graylog, a free and open source

Posted in logging, network, pfsense
