Tools | HoldMyBeer

Aug 17 2017

Incident Response, System Administration, Tools

Install/Setup Doorman + OSQuery on Windows, Mac OSX, and Linux deployment

In this post I am going to explore the tool OSquery. OSquery allows you to easily ask questions about your Linux, Windows, and macOS infrastructure. Whether your goal is intrusion detection, infrastructure reliability, or compliance, OSquery gives you the ability to empower and inform a broad set of organizations within your company. It is a tool that is used by system administrators, incident responders, and ole mighty threat hunters. However, in this post I will not be posting how to use OSquery for threat hunting. I hope to utilize the tool in my environment and write a later post :).

Continue reading →

Jul 29 2017

2 Comments

Incident Response, Malware Analysis, Memory Forensics, Threat Hunting, Tools Image

Rekall memory analysis framework for Windows, Linux, and Mac OSX

Rekall is the most complete Memory Analysis framework. Rekall provides an end-to-end solution to incident responders and forensic analysts. From state of the art acquisition tools, to the most advanced open source memory analysis framework. Rekall provides cross-platform solutions on Windows, Mac OSX, and Linux. Additionally, as stated above each operating system has it’s own memory acquisition tool provided by Rekall called pmem.

Continue reading →

Jun 25 2017

2 Comments

Incident Response, Threat Intelligence, Tools

Intro to Threat Intelligence with Bro and ELK

One of the biggest trends in cyber security is threat intelligence. A lot of security professionals and enterprises are asking what is threat intelligence, do I need it, and can it improve my security? First let’s start by defining threat intelligence and the rest of this guide will provide a practical use case for threat intelligence. Threat intelligence is utilizing information to detect security threats that traditional methods and technologies may not and providing decision driven incident response based off data.

Continue reading →

May 30 2017

Leave a comment

Threat Intelligence, Tools, Uncategorized

Part 1: Install/Setup Bro Cluster

In this blog series I am going to show you how to setup an effective Bro cluster. In future posts I hope to be tweaking Bro to produce better detection with custom rules and utilizing open threat intelligence feeds. Bro is the perfect solution for a homegrown IDS solution because it’s free and can be distributed. In my home network I have a DNS server and proxy server that I wish to monitor with Bro. Bro allows me to setup agents(workers) to monitor my DNS and proxy servers and forward data to a Bro manager for analysis.

Continue reading →

May 30 2017

Leave a comment

ForFunAndWumbos, Red Teaming, Tools

Part 2: How to red team – Metasploit framework

In this post I am going to briefly cover the exploitation process with the Metasploit framework. A framework is defined as a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful. The Metasploit framework allows red teamers to configure an exploit, choose a payload, an encoding technique to obfuscate the payload, and post-exploitation modules after access is gained. The next couple of sections are going to walk through the process of exploitation. I believe the Metasploit approach is a template to know because other frameworks and tools follow the same flow. Continue reading →

Jan 24 2017

Leave a comment

ForFunAndWumbos, Incident Response, System Administration, Tools

Intro to the ELK Stack on CentOS 7

This is a two part series on setting up an ELK stack to receive syslog and in the next post Bro logs. The ELK stack is an awesome collection of software but a complicated MumboJumboCombo of components. I wanted to help break that barrier for beginners and to help explain how each component works. So stick with me on this two part series! I would like to give credit to this DigitalOcean post writer for the ELK stack write-up which I’ll be referencing. Additionally my Github contains a script to setup the ELK stack for CentOS 7 64-bit based on the guide below.

Continue reading →

Dec 05 2016

3 Comments

Incident Response, System Administration, Tools

Part 1: Install/Setup Wazuh with ELK Stack

If you have been following my blog you know that I am trying to increase my Incident Response(IR) skillz and experience. For a class project we had to create/improve a piece of software in the forensic community for Windows(Windows forensic class). From my short time of searching the internet I never found a guide to setting up a logging system for Windows from start to finsh. An effective logging system has an agent/collector, a log aggregator, a data visualizer, and a good alerting mechnism.

The following sytem I have setup has Wazuh(OSSEC fork) for log collection, Wazuh Management for a log aggregator, the ELK stack for data retention and vizualiztion, and elastalert for e-mail alerting. In this guide I will walk you through on how to setup an effective logging system for all operating systems but mainly Windows for free. Additionally, we will be discussing the type of things that should be logged depending on your enviornment. As final note I have included my github repo at the bottom if you want to automated scripts for all of this.
Continue reading →

Nov 22 2016

Leave a comment

ForFunAndWumbos, System Administration, Tools, Uncategorized

RC3 Fall 2016 CTF Infrastructure

In this blog post I will be walking you through how I setup my club’s CTF infrastructure on AWS. I take great pride as the RC3 CTF infrastructure captain (with a bit of an inflated ego 🙂 ) that my infrastructure as a whole never had any downtime! Additionally, our CTF attracted a 1,000 users over the course of a weekend, which was a great stress test for my infrastructure.

This post consists of the following AWS services which are EC2, S3, VPCs, Route 53, RDS, and IAM. Our infrastructure utilized software and services such as CentOS, Ubuntu, HAProxy, Let’s Encrypt, CTFd, Bro, and Nginx/uwsgi. Please keep in mind this guide is a sys admin guide and not a security guide. Some of the security measures implemented in the infrastructure have been left out of this guide to thwart individuals from taking advantage of this build in the future. Without further ado, here we go on the wild ride of creating a CTF cloud computing infrastructure in Amazon’s Web Services (AWS) :).

Continue reading →

Sep 11 2016

2 Comments

Pen Testing, Tools

Part 1: C# to Windows Meterpreter in 10mins.

In this post I will show you how to get a meterpreter session on a Windows box with C#. I give all the credit to guy in this post. I am simply sharing this cool tutorial! This guide assumes that you have a Kali Linux VM and a Windows 7 VM, additionally a method to get the malware on to the remote Windows PC. I will walk you through the process of exploitation and how the code works. I will also show you how to setup Metasploit to get a reverse shell. In part 2 I will discuss how to add functionality to your C#malware and run it as a Windows Service!!!!

Continue reading →

Jun 25 2016

15 Comments

Incident Response, Tools

Part 1: Google GRR Incident Response Tool

GRR Rapid Response is an incident response framework focused on remote live forensics. It based on client server architecture, so there’s an agent which is installed on target systems and a Python server infrastructure that can manage and communicate with the agents.

Continue reading →

Tagged Google Grr

Jun 12 2016

Leave a comment

Memory Forensics, Tools

Windows, Mac OSX and Linux Memory Dump How To

Dumping memory from an operating system can be complicated and is not built-in feature. You also have to keep in mind that memory dumps are a snapshot in time of what is in the memory. The memory is constantly changing every second so having the right tool can be the difference between getting the data you need and having it lost forever. There are various tools for each operating system to accomplish memory dumps. Some tools are easier to setup and use than others and some tools are portable apps. I have provided links at the bottom of this post to all the tools I cover within this post.

Continue reading →

Tagged Memory Dump

Jun 11 2016

2 Comments

Honeypot, Malware Analysis, Tools

Cowire Honeypot Install and Setup

Kippo is typically the go to application for information security researchers looking to set up an SSH honeypot. Likewise the Cowire honeypot is forked from the Kippo project. I personally believe that Cowire is better than Kippo and has fixed some common issues within Kippo. Below I go through a simple instillation of Cowire on Ubuntu 14.04. Within the coming posts I will show some of the common ways attackers detect a Cowire/Kippo instance, and its short comings. Please keep in mind that I mean no disrespect to the developers of the Kippo honeypot! They have provided the most used honeypot on the internet today and have truly done a remarkable job.

HoldMyBeer

Cause every great story starts with "Hold my beer"

Category Archives: Tools

Install/Setup Doorman + OSQuery on Windows, Mac OSX, and Linux deployment

Rekall memory analysis framework for Windows, Linux, and Mac OSX

Intro to Threat Intelligence with Bro and ELK

Part 1: Install/Setup Bro Cluster

Part 2: How to red team – Metasploit framework

Intro to the ELK Stack on CentOS 7

Part 1: Install/Setup Wazuh with ELK Stack

RC3 Fall 2016 CTF Infrastructure

Part 1: C# to Windows Meterpreter in 10mins.

Part 1: Google GRR Incident Response Tool

Windows, Mac OSX and Linux Memory Dump How To

Cowire Honeypot Install and Setup

Continue reading →