Browsed by
Tag: SANS

Sending pfSense logs to the DShield project

Sending pfSense logs to the DShield project

Changelog 02June2017 – Originally posted 28Nov2017  – Updated due to script changes What is DShield and why would I send them my logs? According to the SANS Internet Storm Center (ISC), “DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.” While DShield is often referred to generically as a “collaborative firewall log correlation system,” for all practical purposes, it is a bit of threat intelligence well before threat intelligence was…

Read More Read More

Testing SPF, DKIM, and DMARC

Testing SPF, DKIM, and DMARC

If you are interested in a step-by-step implementation of SPF, DKIM, and DMARC, there’s a post for that! It’s on this site as well and it will walk you through the entire process. https://www.linuxincluded.com/implementing-spf-dkim-and-dmarc/ Changelog 17Nov2017 – Originally posted 25Mar2018 – Added more SPF tests specifically for lookups Before you jump into testing SPF, DKIM, or DMARC, you need to verify where your authoritative DNS nameservers are. The easiest way to do this is by going to a Linux command…

Read More Read More

Implementing SPF, DKIM, and DMARC

Implementing SPF, DKIM, and DMARC

If you made it here, you might not be interested in the why’s of implementing the holy trinity – SPF, DKIM, and DMARC – of anti-email spoofing. However, if you’re still uncertain whether you should or shouldn’t, just do it! With the guide below, you’ll see it isn’t all that difficult and when used together, they provide great benefits like brand protection, reducing a phishing attack vector, less chance of your legitimate marketing emails ending up in spam, etc. It also…

Read More Read More

Hacking HL7 Data Interfaces in Medical Environments: Attacking and Defending the Achille’s Heel of Healthcare

Hacking HL7 Data Interfaces in Medical Environments: Attacking and Defending the Achille’s Heel of Healthcare

This security research paper is the second of two examining the HL7 messaging standard, which is arguably the most fundamental flaw in healthcare IT. HL7 is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen medical data, what HL7 is, as well as potential dangers inherent to HL7. The second paper moves beyond theory and is an in-depth, technical discussion on ways to…

Read More Read More

HL7 Data Interfaces in Medical Environments: Understanding the Fundamental Flaw in Healthcare

HL7 Data Interfaces in Medical Environments: Understanding the Fundamental Flaw in Healthcare

This security research paper is the first of two examining the HL7 messagiang standard, which is arguably the most fundamental flaw in healthcare IT. HL7 is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen medical data, what HL7 is, as well as potential dangers inherent to HL7. The second paper moves beyond theory and is an in-depth, technical discussion on ways to…

Read More Read More

Uncovering Indicators of Compromise

Uncovering Indicators of Compromise

Last updated: 16 October 2016 This is the new version of a paper and script I originally wrote as part of my SANS gold paper for the GCCC certification. The paper re-write was primarily in preparation for my presentation of the topic at the 2016 Nagios World Conference… Unfortunately, the conference was canceled. <sigh> Nonetheless, the paper now covers version 6 of the Critical Security Controls instead of 5.1. The original paper in PDF format can still be retrieved from the SANS…

Read More Read More