How To Configure Cisco eStreamer on Cisco-Sourcefire Defense Center

Overview: The Sourcefire eStreamer log collection and comprehensive selection of dashboards optimized for Sourcefire System 5.2+ and Splunk 6. The supported Sourcefire event types are: Intrusion Events; Intrusion Event Packet Data (optional); Intrusion Event Extra Data; Malware Events; File Events; Connection Logs and Security Intelligence Events (optional); Correlation and White List Events; Impact Flag Alerts […]

How to Insert and Protect X-Forwarded-For Header With iRules

Many servers and web applications expect an X-Forwarded-For header in HTTP requests. Typically, it's used to gather intel or correlate the value of the HTTP header, X-Forwarded-For. In some cases, lazy developers leverage such header variants in code used to control access. For this reason, attackers love manipulating HTTP headers used to identify traffic behavior such […]

discover.sh

You'll love this script. I incorporate this tool into penetration testing engagements that require tactical social engineering or on-demand targeted reconnaissance.

Download, setup & usage

Kali mini: apt-get install windows-binaries
git clone: git clone https://github.com/leebaird/discover.git /opt/discover/; cd /opt/discover/; ./setup.sh; ./discover.sh

All scripts must be run from this location.

RECON
1. Domain
2. Person
3. […]

How To Force Client to use HTTPS

You've got a problem. After a recent Tomcat upgrade in your authentication server's test environment, you noticed that authentication between your web application's REST API calls and your authentication server fails. You decide to sniff the network with good ole' tcpdump on the app (client) and authentication server.

tcpdump -ni any port 80 or port 443 -A […]
