Monthly Archives: January 2018

Install/Setup Kolide Fleet + Graylog + OSQuery with Windows and Linux deployment

In this blog post we will be installing, setting up, and utilizing Kolide Fleet as our OSQuery fleet manager. As stated by¬†Kolide, ” Fleet is a state of the art host monitoring platform tailored for security experts. Leveraging Facebook’s battle-tested OSQuery project, Fleet delivers fast answers to big questions.” In future blog posts I plan on using this tool for incident response and threat hunting scenarios.

Continue reading

Part 2a: Intro to Threat Hunting with Kolide Fleet, OSQuery, Powershell Empire, and Caldera – Setup environment

In this blog post series, I am documenting my novice pursuit for knowledge to become a threat hunter. This series has a strong focus on utilizing OSQuery to hunt for different techniques used by adversaries. The first post of this series, will consist of instructions to set up a lab environment. The second post of this series will be walking through red team scenarios with Powershell Empire, and MITRE’s cyber adversary emulation system called Caldera.

The third post in this series, will utilize OSQuery to hunt red team activity by discovering artifacts and modifications made to the system. The fourth post in this series, will integrate our successful hunts into Graylog for logging and alerting. Lastly, this series will be generating threat-hunting playbooks and scoring our detection capabilities using Cyb3rWard0g’s system.

Continue reading

Install/Setup MITRE Caldera the automated cyber adversary emulation system

In this blog post I will be covering how to setup and utilize MITRE’s new tool called Caldera. Caldera is a cyber adversary emulation system that operates on a server/agent model. On the server you can create adversary campaigns that are deployed to your agents. Your agents will periodically call back with their results and progress. Let’s begin!

Continue reading