Developing Urgent11 Detection with Suricata

Summary: In July of 2019, Armis released a technical whitepaper detailing numerous vulnerabilities found in devices running VxWorks. Since this post is not about explaining what VxWorks is, or why the vulnerabilities are so impactful, I will leave you with this link to the post that Armis put out in July. Since I’m developing Suricata […]

CTF Write-up: Rob’s admin program

PvIB CTF: Last Thursday I was participating in a CTF which had challenges in different categories of difficulty. This challenge was in the ‘ARGH’ category and labelled as very hard. I jumped right into it from the start of the CTF but unfortunately didn’t make it in time due to some stupid mistakes I made. […]

Suriflaska – Flask server for testing Snort / Suricata rules

This post is a small follow-up on the network detection theme that I have been posting on for the last couple of months. Recently I got more into writing rules for detecting network threats and wanted to create something similar to what is used in some bigger blue team companies. So without going too much into the why’s, […]

Apache UNO API Remote Code Execution

After months of trying to make Apache understand the security risks of having a method of executing code remotely without any warning or authentication scheme, it seems these efforts were futile. Apache will not fix this issue, as they deem it a feature and apparently it isn’t used by anyone, but they also refuse to […]

Detecting the SpeakUp Trojan using Snort

On February 4th, Check Point Research released a post about a new undetected Trojan that was part of a new campaign, exploiting Linux servers. Check Point Research dubbed this Trojan ‘SpeakUp’. The Trojan exploits known vulnerabilities in six different Linux distributions. The malware developer was correlated with ‘Zettabit’ due to it having a lot in […]

Investigating External IP-Lookups from Mailspring

Last week I was playing around with some PCAPs I made of my home network, trying to correlate what I saw happening in the PCAP with the alerts generated by my SecurityOnion instance. One specific alert triggered over 1000 times in just two days; this doesn’t say much, as I happen to test a lot of […]

Setting up SecurityOnion for monitoring home networks

This is a simple post to explain how to set up a SecurityOnion instance for monitoring a home network. NOTE: Do not use this guide for setting up a SecurityOnion instance for monitoring production environments! About SecurityOnion: I could write something here myself, but the SecurityOnion GitHub page does this better: Security Onion is a […]