DNS describes the structure of resources on the internet. It can provide lots of valuable information about (attacker or target) infrastructure. However, in order to query DNS records, you must already know the exact domains or subdomains to query. When examining unknown infrastructure, this is not practical. On top of that, DNS records can change often, so historical information is lost. Passive DNS databases help solve both of these problems. Farsight Security DNSDB is the largest passive DNS database in the world. With DNSDB, you can answer questions like “How has this network infrastructure changed over time?”, “What other domains and subdomain point (or have pointed to) this IP address?”, “What are the subdomains and resource records for this domain?”
Recently I analyzed a credential harvesting page with some interesting characteristics that made a great teaching moment. In this post, I’ll go over how I used the developer tools built into Microsoft Edge to examine the credential harvesting page.
certbot utility by the Electronic Fronter Foundation (EFF) can use DNS authentication to obtain, install, and renew free trusted SSL certificates on a variety of webserver configurations, including a nginx reverse proxy.
This configuration can be used on internal and external websites. It is particularly useful in situations where you want to have a trusted certificate for an internal web application without the time, effort, and risks of creating and maintaining your own internal Certificate Authority (CA).
As an example, this guide will explain how to configure nginx with a trusted certificate to act as a reverse proxy in front of a Unifi Controller.
If you receive a fraudulent email, can be very useful to send a full forensic copy to an organization that is being spoofed, industry partners, and law enforcement.
When a user clicks forward in a mail client, the client copies the message’s content and attachments to a new message. The original message headers are not included.
In order to send a full forensic sample that includes the original message headers, the original message must be sent as an attachment in a new message. The process for doing this varies by mail client.
Email headers contain very useful information for tracing a message’s origin and troubleshooting its delivery. Email headers are written with the oldest headers at the bottom, and the newest headers at the top. By reading the headers in the correct order, you can see how the message was passed from one mail server to another, and the actions each mail server took along the way.
Most email clients have a function to display a message’s headers. The exact steps depends on the client. In most cases, this requires the desktop version of the client.
DMARC can stop spoofed spam and phishing from reaching you and your customers, protecting your information security and your brand. However, complexity and misconceptions deter many organizations from ever deploying it. Part mythbusting , part implementation guide, this post explains the shortcomings of SPF and DKIM, what DMARC is, how to deploy DMARC properly, and how to respond to DMARC reports – all without the need for an additional vendor, thanks to open source software!
Here’s how to build and install FFmpeg from source with all the bells and whistles (i.e codec support). We’ll install it as a custom Debian package using
checkinstall. That way, any other package that depends on the
ffmpeg package will recognize that it is already installed, and won’t try to fetch it from the Debian or Ubuntu software repositories.
YARA is described as “The pattern matching Swiss knife for malware researchers (and everyone else)”. Think of it as like
grep, but instead of matching based on one pattern, YARA matches based on a set of rules, with each rule capable of containing multiple patterns, and complex condition logic for further refining matches. It’s a very useful tool. Let’s go over some practical examples of how to use it.
The Windows Subsystem for Linux (WSL) was introduced by Microsoft in the Windows 10 Anniversary Update. It allows users to run a full Linux user space in Windows. It is a much nicer approach for most applications than Cygwin, or using a Linux VM. It is not an emulator either. Think of it as GNU/Linux/Windows (apologies to Richard Stallman). This guide starts off with Microsoft’s instructions for installing the WSL, and then goes a few steps further by describing how to run graphical Linux applications.