Overview: The Sourcefire eStreamer log collection app provides a comprehensive selection of dashboards optimized for Sourcefire System 5.2+ and Splunk 6. The supported Sourcefire event types are: Intrusion Events; Intrusion Event Packet Data (optional); Intrusion Event Extra Data; Malware Events; File Events; Connection Logs and Security Intelligence Events (optional); Correlation and White List Events; Impact Flag Alerts […] Read more: "How To Configure Cisco eStreamer on Cisco-Sourcefire Defense Center"
Many servers and web applications expect an X-Forwarded-For header in HTTP requests. Typically it's used to gather intel by correlating the value of the X-Forwarded-For header. In some cases, lazy developers use such header variants in code that controls access. For this reason, attackers love manipulating HTTP headers used to identify traffic behavior, such […] Read more: "How to Insert and Protect X forwarded-For Header With iRules"
Cloning an HTTP request is a typical requirement from software engineers who work in agile development life cycles and need actionable analytical data. From a security perspective, cloning HTTP requests is only a concern when the cloned request is sent to an environment that doesn't meet your corporation's server security policies, so […] Read more: "How To Clone an HTTP request with one condition"
How to install OpenVAS in 5 minutes on Kali. 1. Install a fresh OpenVAS package via apt-get: apt-get remove openvas; apt-get install openvas. 2. If no exceptions were returned by the installer, verify that the setup is correct. The openvas-check-setup script does a great job. Trust it. If it's too noisy for you, pipe the […] Read more: "How to install openvas in 5 minutes on kali"
Correlating security events with public IP addresses from reputable API services that manage IP address blacklist feeds is integral to detection. However, in many cases an emerging outside threat that hasn't yet been picked up by a well-known and tightly managed blacklist feed is likely to fall under the radar, especially in cases […] Read more: "How To Extract Original Source IP with iRules"
discover.sh: You'll love this script. I incorporate this tool into penetration testing engagements that require tactical social engineering or on-demand targeted reconnaissance. Download, setup & usage (Kali mini): apt-get install windows-binaries; git clone https://github.com/leebaird/discover.git /opt/discover/; cd /opt/discover/; ./setup.sh; ./discover.sh. All scripts must be run from this location. RECON 1. Domain 2. Person 3. […] Read more: "discover.sh"
You've got a problem. After a recent Tomcat upgrade in your authentication server's test environment, you noticed that authentication between your web application's REST API calls and your authentication server fails. You decide to sniff the network with good ol' tcpdump on the app (client) and authentication server: tcpdump -ni any port 80 or port 443 -A […] Read more: "How To Force Client to use HTTPS"