Channel: HolisticInfoSec™
Browsing all 134 articles

Follow up on C3CM: Pt 2 – Bro with Logstash & Kibana (read Applied NSM)

In September I covered using Bro with Logstash and Kibana as part of my C3CM (identify, interrupt, and counter the command, control, and communications capabilities of our digital assailants) series in...


toolsmith: Tails - The Amnesiac Incognito Live System

Privacy for anyone anywhere. Prerequisites/dependencies: Systems that can boot DVD, USB, or SD media (x86, no PowerPC or ARM), 1GB RAM. Introduction: “We will open the book. Its pages are blank. We are going...


2013 Toolsmith Tool of the Year: Recon-ng

Congratulations to Tim Tomes of Black Hills Information Security. @LaNMaSteR53's Recon-ng is the 2013 Toolsmith Tool of the Year. We had quite the turnout this year, with 881 total votes. Recon-ng...


toolsmith: SimpleRisk - Enterprise Risk Management Simplified

Prerequisites/dependencies: LAMP/XAMPP server. Introduction: Our editorial theme for February’s ISSA Journal happens to be Risk, Threats, and Vulnerabilities which means that Josh Sokol’s SimpleRisk as our...


toolsmith: SpiderFoot

Prerequisites/dependencies: Python 2.7 if running on *nix as well as M2Crypto, CherryPy, netaddr, dnspython, and Mako modules. Windows version comes as a pre-packaged executable, no...


Browse this: & Oryon C Portable & WhiteHat Aviator

Please take a moment as you read this toolsmith to honor those lost in the Oso, WA landslide disaster and those who have lost loved ones, friends, and homes. Pro Civitas et...


toolsmith: Microsoft Threat Modeling Tool 2014 - Identify & Mitigate

Prerequisites/dependencies: Windows operating system. Introduction: I’ve long been deeply invested in the performance of threat modeling with particular attention to doing so in operational environments...


toolsmith: Testing and Research with BlackArch Linux

Introduction: It’s the 24th of May as I write this, just two days prior to Memorial Day. I am reminded, as Wallace Bruce states in his poem of the same name, that “who kept the faith and fought the...


toolsmith: ThreadFix - You Found It, Now Fix It

Prerequisites: ThreadFix is self-contained and as such runs on Windows, Mac, and Linux systems; JEE based, Java 7 needed. Introduction: As an incident responder, penetration tester, and web application...


toolsmith - Threats & Indicators: A Security Intelligence Lifecycle

*borrowed directly from my parent team, thanks Elliot and Scott. Prerequisites: Microsoft .NET Framework, Version 3.5 or higher for IOCe; Python 2.7 interpreter for OpenIOC to STIX. Introduction: I’ve been...


toolsmith - Jay and Bob Strike Back: Data-Driven Security

Prerequisites: Data-Driven Security: Analysis, Visualization and Dashboards; R and RStudio as we’ll only focus on the R side of the discussion; all other dependencies for full interactive use of the book’s...


toolsmith: HoneyDrive - Honeypots in a Box

Prerequisites: Virtualization platform. Introduction: Late in July, Ioannis Koniaris of BruteForce Lab (Greece) released HoneyDrive 3, the Royal Jelly edition. When Team Cymru’s Steve Santorelli sent out...


toolsmith: Inside and Outside the Wire with FruityWifi & WUDS

Prerequisites: I recommend a dedicated (non-VM) Kali distribution if you don’t have a Raspberry Pi. Introduction: I have noted to myself, on more than one occasion, now more than eight years into writing...


toolsmith #108: Visualizing Network Data with Network Data

Prerequisites: R development environment (R, RStudio). This month finds us in a new phase for toolsmith as it will not be associated with ISSA or the ISSA Journal any further. Suffice it to say that the...


toolsmith #109: CapLoader network carving from Rekall WinPmem Memory Image

With some of my new found flexibility (not bound to print deadlines) I'm now able to provide near-realtime toolsmith content in direct response to recommendations or interaction via social media...


toolsmith #110: Sysinternals vs Kryptic

26 OCT 2015 marked some updates for the venerable Windows Sysinternals tool kit, presenting us with the perfect opportunity to use them in a live malware incident response scenario. Immediately...


toolsmith #111: Lovely RITA, may I inquire?

We benefit this month from another offering first spotted via my fellow tool aficionados over at Toolswatch. And just like that, bam! A Beatles song...stuck in my head...all day. The crazy crew at...



Vote now: 2015 Toolsmith Tool of the Year

If your browser doesn't support IFRAMEs, you can vote directly here.


toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics

Happy New Year and welcome to 2016! When last we explored red team versus blue team tactics in May 2015, we utilized Invoke-Mimikatz, then reviewed and analyzed a victim with WinPmem and Rekall. The...


toolsmith #113: DFIR case management with FIR

#NousSommesUnis #ViveLaFrance Bonjour! This month we'll explore Fast Incident Response, or FIR, from CERT Societe Generale, the team responsible for providing information security incident handling and...
