Banner Capture for Fun and Profit

Posted on February 12, 2023

On January 30th I saw the single suricata alert “ET SCAN Zmap User-Agent (Inbound)”. This is a low severity alert and the target was my web server. Let’s see what that’s all…

WordPress Back ups

Posted on February 4, 2023

We get caught up trying to get something to work, that we forget to back it up. I’ve done it, and still do it…until something happens and I’m kicking myself in the…

A Whole Lot of Nothings

Posted on January 27, 2023

On August 18th IP address 23.227.202.82 (Tampa, Florida) triggered the suricata alert “ET SCAN MS Terminal Server Traffic on Non-standard Port” on my web server. This is apparently an attempted information leak,…

Torrent in Sheep’s Clothing

Posted on December 31, 2022

I discovered that my son was using BitTorrent. The alert GPL P2P BitTorent Transfer showed up in Security Onion in the 100’s of thousands. He said he uses it to download Linux…

WUDO and, well, that was dumb

Posted on December 2, 2022

Allow me to introduce you to WUDO. WUDO is Windows Update Delivery Optimization, and not the Western Union Defence Organisation. This is a feature introduced in Windows 10 to cut down on…

An Analysis of a Log4Shell Attack

Posted on November 19, 2022

An interesting thing appeared on my Apache log doorstep in late September. What follows is the actual code received from what I am calling a probable Log4Shell exploit. I was hesitant to…

WordPress Install

Posted on November 13, 2022

I wanted to share what I’ve done over the years to successfully deploy a wordpress site hosted internally on my personal network. If you don’t want to pay for a subscription for…

Penetration Test, No Charge

Posted on November 5, 2022

Back in early July some strange traffic was setting off Suricata alerts. The target was my WordPress website. The website is for the benefit of a non-profit and because of ISP restrictions,…

These Are the Pros and Cons of …

Posted on October 21, 2022

… Clear Text Authentication Back in June I got a Suricata alert saying a local computer was authenticating using clear text. That computer was my son’s Nintendo Wii. Security Onion is an…

Frederick’s Tiny Corner of the Cyber Universe

Posted on October 7, 2022

Allow me to introduce my homelab. Clearly it is a work in progress and its structure reflects my use case, skill set, and available time. I am fully aware that it is…