Toolsmith #124: Dripcap - Caffeinated Packet Analyzer

Dripcap is a modern, graphical packet analyzer based on Electron. Electron, you say? "Electron is a framework for creating native applications with web technologies like JavaScript, HTML, and CSS. It takes care of the hard parts so you can focus on the core of your application." We should all be deeply ...
Toolsmith Release Advisory: Sysmon v6 for Securitay

Tags: Rekall, Sysmon, winpmem

Sysmon just keeps getting better. I'm thrilled to mention that @markrussinovich and @mxatone have released Sysmon v6. When I first discussed Sysmon v2 two years ago it offered users seven event types. Oh, how it's grown in the last two years, now with 19 events, plus an error event. From Mark's RSA presentation we ...
Aikido & HolisticInfoSec™

This is the 300th post to the HolisticInfoSec™ blog. Sparta, this isn't, but I thought it important to provide you with content in a warrior/philosopher mindset regardless. Your author is an Aikido practitioner, albeit a fledgling in practice, with so, so much to learn. While Aikido is often translated as ...
The DFIR Hierarchy of Needs & Critical Security Controls

As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, consider Matt Swann's Incident Response Hierarchy of Needs. Likely, at some point in your career (or therapy 😉) you've heard reference to Maslow's Hierarchy of Needs. In summary, Maslow's terms, physiological, ...
Toolsmith - GSE Edition:  Image Steganography & StegExpose

Cross-posted on the Internet Storm Center Diary. Updated with contest winners 14 DEC. Congrats to:

Chrissy @SecAssistance
Owen Yang @HomingFromWork
Paul Craddy @pcraddy
Mason Pokladnik - Fellow STI grad
Elliot Harbin @klax0ff

In the last of a three part (Part 1-GCIH, Part 2-GCIA) series focused on tools I revisited during my GSE re-certification process, I thought ...
Toolsmith - GSE Edition: Scapy vs CozyDuke

Tags: NFAT, nsm, python, Scapy, snort

In continuation of observations from my GIAC Security Expert re-certification process, I'll focus here on a GCIA-centric topic: Scapy. Scapy is essential to the packet analyst skill set on so many levels. For your convenience, the Packetrix VM comes preconfigured with Scapy and Snort, so you're ready to go out ...
Toolsmith - GSE Edition: snapshot.ps1

I just spent a fair bit of time preparing to take the GIAC Security Expert exam as part of the requirement to recertify every four years. I first took the exam in 2012, and I will tell you, for me, one third of the curriculum is a "use it or ...

Toolsmith Release Advisory: Malware Information Sharing Platform (MISP) 2.4.52

Tags: IOC, MISP, STIX, Threat Intelligence

7 OCT 2016 saw the release of MISP 2.4.52. MISP, Malware Information Sharing Platform and Threat Sharing, is free and open source software to aid in sharing of threat and cyber security indicators. An overview of MISP as derived from the project home page: Automation: Store IOCs in a structured manner, and benefit ...
Toolsmith In-depth Analysis: motionEyeOS for Security Makers

Tags: iot, motionEyeOS, Raspberry Pi

It's rather hard to believe, unimaginable even, but here we are. This is the 120th consecutive edition of toolsmith; every month for the last ten years, I've been proud to bring you insights and analysis on free and open source security tools. I hope you've enjoyed the journey as much ...