Diving into the Deep End - Sinkholing an Active Botnet

I’m not an expert in reverse engineering or threat intelligence. I spend my days as a security analyst trying to make sense of things I don’t know much about. Those things might be a system admin setting up a new application or it could be a multi-stage malware attack. In one case it was the latter.

Read More

The Technical Tricks I Learned Playing OpenSOC

As a security analyst for a major MSSP, I use the fancy expensive tools for work. OpenSOC showcases the power of some awesome open source tools that many people have never used. Here are some things I learned by having access to data that’s normally hidden behind an API or totally inaccessible and features not included in large platforms.

Read More

NGINX Logs to Graylog - Quick and Dirty

Sometimes I have a casual personal project where I just want to get the logs into something where I can easily run queries and create visualizations. The popular content packs on the Graylog Marketplace seem to be deprecated or designed for the NGINX Docker container. This guide will get NGINX logs forwarding to Graylog in just a few minutes. Security and reliability are not guaranteed.

Read More

Cool Ansible 3 - Advanced Templating

Jinja is a powerful template engine for Python. It’s commonly used to place variables and other content in files. You can see it in action by using Ansible’s template task. There is much more functionality that can be used to take Ansible playbooks to the next level.

Read More