This analysis on HTTP headers is separated into two different blog posts :
describing what HTTP headers are and analyzing the results of the network requests analyzing the content of HTTP headers
The separation in two parts follows the logical sequence of events that I had to do to complete the investigation. First I had to map the network and interpret these results and then dive deeper in the returned HTTP header results.
Note that … Read more.
Recently I had to verify traffic in a netflow collector for connections to a list of interesting networks (networks suspected to serve malicious content or C&Cs). The netflow collector that was used was an Arbor Peakflow solution.
In Arbor you can browse the raw flows via Explore -> Forensics. This feature allows you to look for specific traffic based on a FCAP filter.
… Read more.Websites get attacked daily. Sometimes the attacker succeeds in accessing the website. This is often told as “we got hacked” but in most cases a “our website got defaced is more accurate.
This post describes what you have to do if you control your website (a custom build website or a CMS website build with Drupal, Joomla, WordPress, …) via FTP and you do not have a shell account on your server.
In most cases … Read more.
Update 20140716
“This could allow an attacker to execute OS commands.”. That is the notice on the security page of Elasticsearch.
A vulnerability that allows execution of system commands should always raise concern.
Some people running a public Elasticsearch instance reported cases where attackers were able to upload scripts. It turned out that when Elasticsearch was available on the Internet (port tcp/9200) and had dynamic scripting enabled then users could execute arbitrary scripts. … Read more.
Dionaea is a low-interaction honeypot. It is one of the honeypots that can be deployed through the Modern Honey Network. Next to the MHN dashboard I also wanted some specific data on the Dionaea honeypot. That is where DionaeaFR kicks in.
The installation is described in detail on the github page and on http://bruteforce.gr/visualizing-dionaeas-results-with-dionaeafr.html.
I had to add some extra packages and settings on a Ubuntu 12.04.4 LTS system. Below is the full … Read more.
After Heartbleed I wrote a small python script to have an automatic check of certification expiration date. The script is hosted on Github.
Next to SSL certificates there are also GPG keys that can (but do not have to) have an expiration date. If you manage a lot of (personal or shared) keys it can become difficult to keep track of expired or soon to be expired keys.
So I wrote a similar python script … Read more.
After Heartbleed and generating lots of different new certificates I searched for a tool that sends me an alert when a certificate is about to expire. Basically I need an automatic check of expiration date of certificates. My requirements were
daily checks; notification by email; check for certificates on internal and external network; check for certificates on non-web service (imap, pop, …).
There are a couple of tools that cover part of my requirements but … Read more.
The OpenSSL heartbleed vulnerability CVE-2014-0160 has been all over the news this month. I posted an overview on what to do and how to detect exploit attempts.
Generating new certificates is one of the advices to cope with this vulnerability. A new certificate means that you have to revoke the old one. Revoked certificates are ‘announced’ in a CRL, or a certificate revocation list.
SANS ISC has a graph on certificates revoked … Read more.
I have iptables on a couple of different Linux hosts. There are a number of tools that allow you to centralize the logs of different hosts (and services) but they often focus on some form of alert management. I need something that allows me to gather the logs from different hosts, put them all in one central database and then generate some statistics on this data.
Iptables logs to the local syslogger but ulogd allows … Read more.
Jump to Update 10-Apr-2014
Jump to Update 11-Apr-2014
Jump to Update 12-Apr-2014
Jump to Update 24-Apr-2014
Unless you’ve been hiding under a rock you must have heard about the OpenSSL heartbleed vulnerability CVE-2014-0160.
Software using or linked against OpenSSL 1.0.1 through 1.0.1f (inclusive) is vulnerable. This post focuses on what you have to do and how you can detect it. This post is not on what the vulnerability is about.
It is important … Read more.
Graphs made with cudeso posts stats
By continuing to use the site, you agree to the use of cookies. more information
An HTTP cookie, is a small piece of text sent from a website and stored in your web browser. Cookies are a reliable mechanism for websites to remember your preferences and improve your browsing experience.
If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.