Category Archives: Uncategorized

Tales of a Blue Teamer: Detecting Powershell Empire shenanigans with Sysinternals

Sysinternals is my go to Windows toolkit for malware analysis, incident response, and troubleshooting. Sysinternals contain tools that enable the user to analyze the inner workings of a Windows system. In this blog post, I will be covering how to use Sysinternals in Red vs.Blue competitions to detect Red team activity.

Continue reading

Part 1: Install/Setup Bro Cluster

In this blog series I am going to show you how to setup an effective Bro cluster. In future posts I hope to be tweaking Bro to produce better detection with custom rules and utilizing open threat intelligence feeds. Bro is the perfect solution for a homegrown IDS solution because it’s free and can be distributed. In my home network I have a DNS server and proxy server that I wish to monitor with Bro. Bro allows me to setup agents(workers) to monitor my DNS and proxy servers and forward data to a Bro manager for analysis.

Continue reading

VeraCrypt on Mac OSX El Captain

Veracrypt provides on-the-fly encryption and is also the predecessor and a fork of the Truecrypt project. Back in Fall of 2015 the Truecrypt maintainer’s stated the code was “not secure”. When this happened it left the security community in a huge loss and swirl of what “not secure” meant. However, after several months the internet rolled on and someone decided to pickup the torch and keep running. In this guide I am just running through the installation of Veracrypt, creating Veracrypt containers, and creating hidden Veracrypt cotnainers on Mac OSX El Captain. Continue reading

RC3 Fall 2016 CTF Infrastructure




In this blog post I will be walking you through how I setup my club’s CTF infrastructure on AWS. I take great pride as the RC3 CTF infrastructure captain (with a bit of an inflated ego 🙂 ) that my infrastructure as a whole never had any downtime! Additionally, our CTF attracted a 1,000 users over the course of a weekend, which was a great stress test for my infrastructure.

This post consists of the following AWS services which are EC2, S3, VPCs, Route 53, RDS, and IAM. Our infrastructure utilized software and services such as CentOS, Ubuntu, HAProxy, Let’s Encrypt, CTFd, Bro, and Nginx/uwsgi. Please keep in mind this guide is a sys admin guide and not a security guide. Some of the security measures implemented in the infrastructure have been left out of this guide to thwart individuals from taking advantage of this build in the future. Without further ado, here we go on the wild ride of creating a CTF cloud computing infrastructure in Amazon’s Web Services (AWS) :).

Continue reading