Laskowski-Tech


Category: monitoring

Opnsense and SSL decryption using sslsplit

Posted on March 29, 2020 by admin

Today, as more and more traffic continues to move to an encrypted world, you might think that traditional NSM (Network Security Monitoring) has gone out the window. There is a good deal of truth to that, and that has made things like

Posted in dfir, logging, monitoring

Detecting Emotet, and other Downloader Malware with OSSEC/Wazuh

Posted on November 28, 2018 by admin

If you talk to most infosec professionals, I think you will find most would agree that malware goes in and out of fashion: back in 2016 ransomware was hot, and at the end of 2017 cryptominers were everywhere. Today I don’t think many

Posted in analysis, dfir, malware, monitoring, soc

Webserver Malware Investigations – Blazescan Tutorial

Posted on November 10, 2018 by admin

Originally published at eForensics Magazine: Today when you look at the malware landscape you will find an overwhelming dominance of malicious Windows software. So when looking for security products you can find many that exist for Windows, and write-up after write-

Posted in dfir, monitoring, soc, web server, wordpress

All you need to do is mess up once they say…

Posted on October 15, 2018 by admin

Or how your server gets used in a reflective DDoS, an anecdote… So many platitudes in the infosec community go: as a defender you need to be right 100% of the time; the attacker only needs to get it right

Posted in monitoring, network, web server

Updates to the good old HIDS Ossec-Wazuh

Posted on September 25, 2018 by admin

Back in the day I began working with OSSEC, the open source host-based intrusion detection system. OSSEC has been running since around 2008, and has been shepherded by Trend Micro since 2009. I ran the base package for some years, but

Posted in dfir, logging, monitoring, soc

Blazescan v 1.3 updates

Posted on July 21, 2018 by admin

Update time: I added a few additional features to Blazescan. One requested feature was the ability to email a report produced by Blazescan; this has been added to the -m flag. The mail address is set in the blazescand.conf file. Additionally, a

Posted in logging, malware, monitoring, web server

No Fuss FOSS – building a Free and Open Source SoC

Posted on July 11, 2018 (updated July 12, 2018) by admin

I am speaking again, this time presenting my workflow for incident response using free and open source tools. I’ll update this after the talk, but for those attending here is the link to the slides: https://laskowski-tech.com/downloads/FOSSv1.pdf

Posted in analysis, logging, malware, monitoring, web server

Minerchk version 1.4 release

Posted on May 7, 2018 by admin

Hello there, interwebs. If you don’t know (or perhaps you do), I’ve been working on a project to assist incident responders and systems administrators in detecting and remediating malicious cryptomining. Development has come quite a way since the first beta release. So since

Posted in cryptomining, monitoring, web server

Minerchk Beta Announcement!

Posted on January 8, 2018 (updated January 9, 2018) by admin

If you haven’t been here before, I’ve been looking into instances of malware using crypto-mining as a means of monetizing hacked servers on the network I work on. In that research, we found that compromised servers had been mining over

Posted in analysis, cryptomining, monitoring, web server

Setting up a Honeypot using Opencanary

Posted on December 19, 2017 (updated December 20, 2017) by admin

One of the biggest issues in many organizations is the lack of capability to detect lateral movement. We all know the breach will happen at some point, but the real question is: will you know when it happens? Most data we have is

Posted in monitoring, network

Recent Articles

  • Opnsense and SSL decryption using sslsplit
  • TIL: How to Unpatch Office and get that sweet execution
  • Breakout Time: Trickbot edition (Gtags QWE, lib693, tt0002)
  • Remco’s RAT, AMSI killing in the wild and defender evasion.
  • Definitely Racoon this time!
  • OSTAP: Maldocs, with a sprinkle of Jscript
  • What is this? Bad for sure! Racoon Stealer, maybe?
  • Is That Really Your AV Company? (Trickbot gtag mor85)
  • .Club Phish
  • Emotet’s away but Trickbot still wants to play

All rights reserved © Laskowski-Tech