Featured
Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and, more importantly, malvertising. It essentially creates functionality similar to the pi-hole project except it doesn’t require a separate piece of hardware. Instead, you just use your pfSense + pfBlockerNG! If you’re interested in a write-up on installing/configuring the pi-hole on Ubuntu, I have one here. Please note this walkthrough is for the devel version of pfBlockerNG. The pfBlockerNG-devel package is in the standard list of available packages…

Read More

All Cybersecurity Is Not Created Equal

I love telling stories about some of the things I’ve seen or done because it helps align mere talking points (or theory) to reality. This is a story I’ve told and presented on several times. It always resonates with the audience and businesses so I figured I would share it here. I was approached by a friend who works in the healthcare space. He asked me to perform a security assessment and light penetration test of his business. My immediate…

Read More

Cybersecurity Awareness Training – Open Source Presentation & Slides

Get Active In Your Community. My company spent months putting together high-quality cybersecurity awareness training material. We reached out to numerous professionals for feedback — information security, IT, and otherwise. We presented the material several times both publicly and behind closed doors. We continued (continue) tweaking the material based on attendee and professional feedback. Now… We’re giving it away for free! Why? At the end of the day, we are just one company. No matter how awesome we think we…

Read More

Installing OpenVAS (GVM) on CentOS 7

This is a walkthrough for installing and configuring OpenVAS (GVM) on CentOS 7. OpenVAS (Open Vulnerability Assessment System) is an open-source vulnerability scanner. Update 20April2019: Greenbone is deprecating OpenVAS version 9, and version 10 is now known as Greenbone Vulnerability Manager (GVM). Likewise, the new rpms are called ‘greenbone-vulnerability-manager’ and ‘gvm-libs’, which replace the ‘openvas’ and ‘openvas-libraries’ rpms. If you are upgrading from 9 to the latest version, you may lose your previous tasks and reports, so beware! Also, if…

Read More

Bypass DNS Controls with DNS over HTTPS (no bootstrap required)

I have a love/hate relationship with DNS over HTTPS (DoH). While I see its usefulness for those who live in less than savory political conditions, I also see it causing huge headaches for sysadmins — shadow IT, pen testers and hackers bypassing controls, etc. Nonetheless, this is a walkthrough for those interested in bypassing in-place DNS controls with DoH and *not* using a bootstrap address. Changelog: 18Feb2019 – Originally posted. Many articles discuss how to configure a browser (specifically Firefox) for…

Read More

Installing pi-hole on Ubuntu 18.04 LTS

In this walkthrough, I will walk through how to install and test the pi-hole on Ubuntu and, more specifically, Ubuntu Server. These same instructions may work on Ubuntu Desktop, but I strongly suggest Server. Why Ubuntu instead of a Raspberry Pi? I love Raspberry Pis and I probably own at least 10 of them. But sometimes I want to perform DNS blocking/blackholing and I either a) don’t have a Raspberry Pi in an environment or b) I have a virtual environment…

Read More

Onion-Zeek-RITA

This research is also available for download from the SANS Reading Room. I’ve included the link below. Feel free to add comments or ask questions on this website even if you download the paper from the SANS Reading Room. Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity. Changelog: 26Dec2018 – Originally posted; 6Jan2019 – Added link to SANS Reading Room. Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity. Abstract: The information security industry is predicted to exceed 100 billion dollars in the…

Read More

pfSense VLANs on Proxmox

Proxmox is a server virtualization management platform. In many ways, it is an open-source counterpart to VMware ESXi. While Proxmox is growing on me, the documentation is a bit on the short side and/or in many cases flat out wrong because it has changed so much. I found this out when trying to virtualize pfSense and I was playing around with VLANs. One source said to do it this way, another said something completely different. The kicker is that…

Read More

SSHGuard settings on pfSense

Something that always annoyed me when performing a vulnerability scan on a pfSense system was the alerts it triggered. Basically, the vulnerability scanner would attempt to brute-force SSH logins, which would trigger the sshguard protections, placing the IP address in the sshguard table (Diagnostics -> Tables), producing hundreds of firewall block messages, etc.

Dec 3 16:22:37 – Int: em0 Type: block Prot: tcp Src: 192.168.1.8:38553 Dest: 192.168.1.1:22 Tracker: 1000000301 – block drop in log quick proto tcp from <sshguard:1> to…

Read More

Scam alert: Microsoft license has expired

You receive a robocall stating your Microsoft license has expired. This is absolutely, positively, 100% a scam. And it is making its rounds again. For what it is worth, I can recall exactly one phone call from Microsoft in my 20+ year career, and that was because I put in a support call to them. Needless to say, Microsoft will never call you because you have a virus, for any level of tech support, or pretty much any other…

Read More