Firewall logs provide a wealth of information about a network. They can be used to identify devices, troubleshoot policies, and even help determine the impact of a cyber attack. Graylog is a powerful open source log collection and analysis platform that is well-suited for managing firewall logs. This guide explains how to create a production-ready single node Graylog instance with bidirectional authentication to the firewalls, and how it can be used to analyze FortiGate firewall logs with premade dashboards.
How-to Guides
How to update the firmware on a Samsung monitor
Almost every device you can buy nowadays has upgradable firmware. New firmware versions can fix bugs, patch security vulnerabilities, improve features, or add features. As computer monitors get more complex and feature-packed, it becomes more important to use the latest firmware. Samsung doesn’t provide instructions on performing a firmware update in user guides or on download pages. This guide explains the exact steps for updating the firmware on a Samsung monitor, and will hopefully save you a lot of searching.
How to Install Volatility 2 and Volatility 3 on Debian, Ubuntu, or Kali Linux
Volatility is a powerful memory forensics tool. This guide will show you how to install Volatility 2 and Volatility 3 on Debian and Debian-based Linux distributions, such as Ubuntu and Kali Linux.
How to use Farsight Security’s DNSDB to harness the power of passive DNS
DNS describes the structure of resources on the internet. It can provide lots of valuable information about (attacker or target) infrastructure. However, in order to query DNS records, you must already know the exact domains or subdomains to query. When examining unknown infrastructure, this is not practical. On top of that, DNS records can change often, so historical information is lost. Passive DNS databases help solve both of these problems. Farsight Security DNSDB is the largest passive DNS database in the world. With DNSDB, you can answer questions like “How has this network infrastructure changed over time?”, “What other domains and subdomains point (or have pointed) to this IP address?”, and “What are the subdomains and resource records for this domain?”
How to examine a credential harvesting page using Microsoft Edge
Recently I analyzed a credential harvesting page with some interesting characteristics that made a great teaching moment. In this post, I’ll go over how I used the developer tools built into Microsoft Edge to examine the credential harvesting page.
How to configure a nginx reverse proxy with Let’s Encrypt certificates
The certbot utility by the Electronic Frontier Foundation (EFF) can use DNS authentication to obtain, install, and renew free trusted SSL certificates on a variety of webserver configurations, including a nginx reverse proxy.
This configuration can be used on internal and external websites. It is particularly useful in situations where you want to have a trusted certificate for an internal web application without the time, effort, and risks of creating and maintaining your own internal Certificate Authority (CA).
As an example, this guide will explain how to configure nginx with a trusted certificate to act as a reverse proxy in front of a Unifi Controller.
How to forward a forensic copy of an email as an attachment
If you receive a fraudulent email, it can be very useful to send a full forensic copy to the organization that is being spoofed, industry partners, and law enforcement.
When a user clicks forward in a mail client, the client copies the message’s content and attachments to a new message. The original message headers are not included.
In order to send a full forensic sample that includes the original message headers, the original message must be sent as an attachment in a new message. The process for doing this varies by mail client.
How to view email headers
Email headers contain very useful information for tracing a message’s origin and troubleshooting its delivery. Email headers are written with the oldest headers at the bottom, and the newest headers at the top. By reading the headers in the correct order, you can see how the message was passed from one mail server to another, and the actions each mail server took along the way.
Most email clients have a function to display a message’s headers. The exact steps depend on the client.
Demystifying DMARC: A guide to preventing email spoofing
DMARC can stop spoofed spam and phishing from reaching you and your customers, protecting your information security and your brand. However, complexity and misconceptions deter many organizations from ever deploying it. Part mythbusting, part implementation guide, this post explains the shortcomings of SPF and DKIM, what DMARC is, how to deploy DMARC properly, and how to respond to DMARC reports – all without the need for an additional vendor, thanks to open source software!
How to compile and install FFmpeg on Debian/Ubuntu
Here’s how to build and install FFmpeg from source with all the bells and whistles (i.e. codec support). We’ll install it as a custom Debian package using checkinstall. That way, any other package that depends on the ffmpeg package will recognize that it is already installed, and won’t try to fetch it from the Debian or Ubuntu software repositories.