Category Archives: Uncategorized

Part 1: Install/Setup Bro Cluster

In this blog series I am going to show you how to set up an effective Bro cluster. In future posts I hope to tweak Bro to produce better detection with custom rules and open threat intelligence feeds. Bro is a perfect fit for a homegrown IDS because it’s free and can be distributed. In my home network I have a DNS server and a proxy server that I wish to monitor with Bro. Bro allows me to set up agents (workers) to monitor my DNS and proxy servers and forward data to a Bro manager for analysis.


VeraCrypt on Mac OSX El Capitan

VeraCrypt provides on-the-fly encryption and is also the predecessor and a fork of the TrueCrypt project. Back in Fall of 2015 the TrueCrypt maintainers stated the code was “not secure”. When this happened it left the security community at a huge loss, in a swirl over what “not secure” meant. However, after several months the internet rolled on and someone decided to pick up the torch and keep running. In this guide I am just running through the installation of VeraCrypt, creating VeraCrypt containers, and creating hidden VeraCrypt containers on Mac OSX El Capitan.

RC3 Fall 2016 CTF Infrastructure

 

In this blog post I will be walking you through how I set up my club’s CTF infrastructure on AWS. I take great pride as the RC3 CTF infrastructure captain (with a bit of an inflated ego 🙂 ) that my infrastructure as a whole never had any downtime! Additionally, our CTF attracted 1,000 users over the course of a weekend, which was a great stress test for my infrastructure.

This post covers the following AWS services: EC2, S3, VPCs, Route 53, RDS, and IAM. Our infrastructure utilized software and services such as CentOS, Ubuntu, HAProxy, Let’s Encrypt, CTFd, Bro, and Nginx/uwsgi. Please keep in mind this guide is a sys admin guide and not a security guide. Some of the security measures implemented in the infrastructure have been left out of this guide to thwart individuals from taking advantage of this build in the future. Without further ado, here we go on the wild ride of creating a CTF cloud computing infrastructure in Amazon Web Services (AWS) :).


Creating Metasploitable 3 with Vagrant

I run a cybersecurity club every Friday and I had to make a vulnerable Windows VM. However, I wanted a VM that everyone could attack in different ways, so I decided not to reinvent the wheel and to use Metasploitable 3. I would also like to note I TAKE NO CREDIT for the creation of this VM; this guide will show you how to create that VM on Kali Linux. AS WELL, I take no liability for damage or legality if you use this post to make a Windows VM. I am unsure of the legality of distributing a Windows VM for something like this, so please use at your own risk. Additionally, at the bottom I provide a download link for anyone who wants to download this VM premade. Thanks and enjoy.


Install/Setup Hashcat + AMD + CentOS 7

In this post I will show you how to set up Hashcat on CentOS 7 with an AMD video card. I currently have an AMD 7950 in my ESXi box and I will be doing hardware pass-through for the video card. This post came out of recent dumps of Dropbox and LinkedIn. As a security person I am always curious to look at these dumps and get common passwords to generate my own common password list. In
