I run a lab with a couple of Windows VMs on different laptops via VMware Workstation (for Linux). Some of these machines are “vulnerable” Windows systems (check out Microsoft Evaluation Center). I pretty much always use the same password for the administrator account to make management easy. This is bad practice for a real-life environment, but the purpose of these machines is to get compromised anyway.
However, sometimes it might seem like a good idea … Read more.
I recently had to explore MQTT. I had never heard of this protocol before. However, some helpful resources provide a clear explanation of what MQTT is about.
MQTT is a machine-to-machine (M2M) / "Internet of Things" connectivity protocol that uses a lightweight publish/subscribe messaging transport. MQTT runs on top of TCP/IP and by default listens on port tcp/1883 (plain TCP; the TLS-protected variant uses tcp/8883). Authentication is optional: a client may send a username and password in its CONNECT packet, and on tcp/1883 those credentials travel in clear text.
A quick search on Shodan reveals that there are a lot of devices publicly available, primarily in the US and Asia. … Read more.
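To make the "clear text on tcp/1883" point concrete, here is an added example (not code from the original post) that builds an MQTT 3.1.1 CONNECT packet exactly as a client sends it to a broker, and then parses the raw bytes back the way a passive observer on the wire would. The client id, username and password are constructed sample values; the packet layout (fixed header, variable-length "remaining length", length-prefixed strings, connect flags) follows the MQTT 3.1.1 specification.

```python
"""Build and dissect an MQTT 3.1.1 CONNECT packet (added example, not from the original post).

Constructed sample: a sensor connecting to a broker on tcp/1883 with a username and
password set. Parsing the bytes back shows both credentials are readable to anyone
who can see the TCP stream, which is what you get without TLS on tcp/8883.
"""
import struct

CONNECT = 0x10          # packet type 1 in the high nibble of the fixed header
MQTT_PORT = 1883        # default plain-TCP port
MQTT_TLS_PORT = 8883    # default MQTT-over-TLS port


def encode_remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, high bit = continuation."""
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n > 0:
            byte |= 0x80
        out.append(byte)
        if n == 0:
            return bytes(out)


def decode_remaining_length(data, offset):
    """Return (value, offset after the field); at most 4 bytes are allowed."""
    multiplier, value = 1, 0
    for i in range(4):
        byte = data[offset + i]
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, offset + i + 1
        multiplier *= 128
    raise ValueError("malformed remaining length")


def mqtt_string(s):
    """Length-prefixed (big-endian 16-bit) UTF-8 string, as used throughout MQTT."""
    b = s.encode("utf-8")
    return struct.pack("!H", len(b)) + b


def build_connect(client_id, username=None, password=None, keep_alive=60, clean_session=True):
    flags = 0x02 if clean_session else 0x00   # bit 1 = clean session
    payload = mqtt_string(client_id)
    if username is not None:
        flags |= 0x80                          # bit 7 = username present
        payload += mqtt_string(username)
    if password is not None:
        flags |= 0x40                          # bit 6 = password present
        payload += mqtt_string(password)
    # Variable header: protocol name "MQTT", protocol level 4, connect flags, keep-alive.
    var_header = mqtt_string("MQTT") + bytes([0x04, flags]) + struct.pack("!H", keep_alive)
    body = var_header + payload
    return bytes([CONNECT]) + encode_remaining_length(len(body)) + body


def read_string(data, offset):
    (n,) = struct.unpack_from("!H", data, offset)
    offset += 2
    return data[offset:offset + n].decode("utf-8"), offset + n


def parse_connect(packet):
    """Dissect a CONNECT packet as captured from the wire; returns the fields, credentials included."""
    if packet[0] & 0xF0 != CONNECT:
        raise ValueError("not a CONNECT packet")
    remaining, off = decode_remaining_length(packet, 1)
    if len(packet) - off != remaining:
        raise ValueError("remaining length does not match packet size")
    proto, off = read_string(packet, off)
    level, flags = packet[off], packet[off + 1]
    off += 2
    (keep_alive,) = struct.unpack_from("!H", packet, off)
    off += 2
    client_id, off = read_string(packet, off)
    result = {"protocol": proto, "level": level, "keep_alive": keep_alive,
              "client_id": client_id, "clean_session": bool(flags & 0x02),
              "username": None, "password": None}
    if flags & 0x04:                           # will flag: skip will topic and will message
        _, off = read_string(packet, off)
        _, off = read_string(packet, off)
    if flags & 0x80:
        result["username"], off = read_string(packet, off)
    if flags & 0x40:                           # password is binary in the spec; sample is text
        result["password"], off = read_string(packet, off)
    return result


if __name__ == "__main__":
    pkt = build_connect("sensor-42", username="admin", password="hunter2")  # constructed sample
    print(pkt.hex())
    print(parse_connect(pkt))
```

The hex dump shows the username and password bytes verbatim right after the client id; a Wireshark capture of a tcp/1883 session looks the same. If a broker found on Shodan listens only on 1883, any credentials it requires are no protection against an on-path observer.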
I use an Apple MacBook as my primary work laptop. One of the nice features that is automatically included in OSX is Time Machine, which does automatic backups.
You can do the backups to an external disk (via USB) or to a network-attached disk. I also have a Synology NAS with a volume (encrypted, of course) configured for the backups. I have set a quota for this volume to prevent the backups … Read more.
One of my virtual machines hosted at Gandi was logging an excessive number of error messages.
The cause of these error messages was the IPv6 router advertisements that try to discover and configure the IPv6 neighbourhood. The excessive number of messages was polluting the logs.
After contacting the Gandi helpdesk, they provided insight into the cause of the error messages and provided mitigations to prevent this type of error. I had to update /etc/sysctl.conf with … Read more.
The short answer: no, Tor exit nodes do not alter your content.
Vodafone eavesdrops on your conversation, causing this to … Read more.
Modbus is a serial communication protocol and the most widely used protocol in industrial control systems (ICS).
It works in a Master / Slave mode. This means the Master has to poll the Slave at regular intervals; a Slave never sends data on its own.
Modbus is a clear text protocol with no authentication and no integrity protection, so anyone who can reach a Slave can read and write its registers.
Although it was initially developed for serial communication, it is now often used over TCP (Modbus/TCP, default port tcp/502). Other versions of Modbus (used in serial communication) are for example Modbus RTU … Read more.
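The following is an added example (not code from the original post) that frames a complete Modbus/TCP poll: the Master's Read Holding Registers request (function code 0x03), the Slave's normal response, and the Slave's exception response. Transaction id, unit id, register addresses and register values are constructed sample values; the MBAP header and PDU layout follow the Modbus/TCP specification. Every byte of the exchange is shown, and none of them is an authentication, session or integrity field.

```python
"""Modbus/TCP request/response framing (added example, not from the original post).

Constructed exchange: a Master polls Slave unit 1 for 3 holding registers starting at
address 0 (function 0x03). The whole ADU is MBAP header + PDU; nothing in it ties the
request to an authenticated party, which is why reachability of tcp/502 equals control.
"""
import struct

MODBUS_TCP_PORT = 502
READ_HOLDING_REGISTERS = 0x03

# Standard exception codes a Slave can return (function code ORed with 0x80).
EXCEPTIONS = {
    1: "Illegal function",
    2: "Illegal data address",
    3: "Illegal data value",
    4: "Slave device failure",
}


def mbap(transaction_id, unit_id, pdu):
    """MBAP header: transaction id, protocol id (always 0), length (unit id + PDU), unit id."""
    return struct.pack("!HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def build_read_holding_registers(transaction_id, unit_id, start_addr, quantity):
    """Master -> Slave: FC 0x03, starting address, number of 16-bit registers (1..125)."""
    if not 1 <= quantity <= 125:
        raise ValueError("quantity must be 1..125")
    pdu = struct.pack("!BHH", READ_HOLDING_REGISTERS, start_addr, quantity)
    return mbap(transaction_id, unit_id, pdu)


def build_read_holding_registers_response(transaction_id, unit_id, values):
    """Slave -> Master: FC 0x03, byte count, then the register values big-endian."""
    pdu = struct.pack("!BB", READ_HOLDING_REGISTERS, 2 * len(values))
    pdu += struct.pack("!%dH" % len(values), *values)
    return mbap(transaction_id, unit_id, pdu)


def build_exception_response(transaction_id, unit_id, function_code, exception_code):
    """Slave -> Master on error: function code | 0x80, one-byte exception code."""
    return mbap(transaction_id, unit_id, struct.pack("!BB", function_code | 0x80, exception_code))


def parse_frame(frame):
    """Split an ADU into MBAP fields and PDU, checking the MBAP length field."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    tid, pid, length, uid = struct.unpack_from("!HHHB", frame, 0)
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    pdu = frame[7:]
    if length != len(pdu) + 1:
        raise ValueError("MBAP length does not match frame")
    return {"transaction_id": tid, "unit_id": uid, "function": pdu[0], "pdu": pdu}


def parse_read_holding_registers_response(frame):
    """Decode a Slave's answer to FC 0x03, handling the exception form as well."""
    f = parse_frame(frame)
    pdu = f["pdu"]
    if f["function"] & 0x80:                   # exception response
        code = pdu[1]
        return {**f, "exception": code, "reason": EXCEPTIONS.get(code, "unknown")}
    if f["function"] != READ_HOLDING_REGISTERS:
        raise ValueError("unexpected function code 0x%02x" % f["function"])
    byte_count = pdu[1]
    if byte_count != len(pdu) - 2 or byte_count % 2:
        raise ValueError("bad byte count")
    values = list(struct.unpack("!%dH" % (byte_count // 2), pdu[2:]))
    return {**f, "registers": values}


if __name__ == "__main__":
    # One poll cycle: Master asks, Slave answers; then the same request hitting a bad address.
    request = build_read_holding_registers(1, 1, 0, 3)
    print("master -> slave:", request.hex())
    response = build_read_holding_registers_response(1, 1, [0x0102, 0x0304, 0x0506])  # constructed values
    print("slave -> master:", response.hex(), parse_read_holding_registers_response(response)["registers"])
    error = build_exception_response(1, 1, READ_HOLDING_REGISTERS, 2)
    print("slave -> master:", error.hex(), parse_read_holding_registers_response(error)["reason"])
```

Because the request is only 12 bytes and carries no secret, the same builder with a write function code is all an attacker on the network needs; the parser's length and protocol-id checks are what a detection sensor on tcp/502 should validate before trusting a frame.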
I use Apple OSX for my day-to-day work. Because of my background with Linux and OpenBSD, the OSX Terminal application is my most "popular" application.
Because I got spoiled by the ease of use of screen on Linux devices, and the basic Terminal app on OSX is fairly limited in feature set, I was looking for an alternative that runs natively on OSX and provides similar features to screen.
TMUX is a terminal application that allows … Read more.
Analyzing malware and extracting useful detection indicators (Indicators of Compromise, IOCs) for protecting your customers is a recurrent task if you do incident response. If you have your own malware analysis environment and you receive a suspected malicious file, then uploading the file for processing and waiting for the analysis is one of the first steps in this process. However, sometimes you have to rely on different public online malware analyser tools for getting … Read more.
The Tor Browser Bundle for Apple OSX is a stripped-down Firefox browser that uses a local SOCKS proxy to anonymize the requests.
The SOCKS proxy that is used is tor.real, located at /Applications/TorBrowser.app/TorBrowser/Tor/tor.real.
Anonymous browsing is good, but I needed a command line tool to fetch a web page or web site. More specifically, I want to recursively download a website from the command line. Ideally you would use wget for this. Unfortunately wget does not … Read more.
This is the second part in a post describing how to train your team for incident response and incident investigations.
The first part covered how to analyze the e-mail headers and information in a suspicious e-mail.
The e-mail contained one attachment: firstname.lastname@example.org. Unzipping the file resulted in a .scr file.
The sha1 is
I uploaded the .scr file to VirusTotal for further analysis. So far (22 Feb) no one else has submitted a similar sample. … Read more.