VIVI

Security Enthusiast

Category: infrastructure

Attack Infrastructure Logging – Part 4: Log Event Alerting

March 23, 2018 | VIVI

Attack Infrastructure Logging Series: Part 1: Logging Server Setup; Part 2: Log Aggregation; Part 3: Graylog Dashboard 101; Part 4: Log Event Alerting.

Quick recap: we set up a Graylog logging server, configured it to collect logs from multiple attack infrastructure assets and visualised some of this log data on a custom dashboard. I’ll be wrapping up this…

Attack Infrastructure Logging – Part 3: Graylog Dashboard 101

March 23, 2018 | VIVI

Attack Infrastructure Logging Series: Part 1: Logging Server Setup; Part 2: Log Aggregation; Part 3: Graylog Dashboard 101; Part 4: Log Event Alerting.

The last 2 posts of this blog series had us setting up a logging server and aggregating logs into it from our various attack infrastructure assets. This brief post will go over setting up a…

Attack Infrastructure Logging – Part 2: Log Aggregation

March 23, 2018 | May 21, 2018 | VIVI

Attack Infrastructure Logging Series: Part 1: Logging Server Setup; Part 2: Log Aggregation; Part 3: Graylog Dashboard 101; Part 4: Log Event Alerting.

In my previous post I covered setting up a Graylog2 logging server. In this post, we’re going to start getting some logs from our infrastructure assets into our Graylog installation. The number and type of…

Attack Infrastructure Logging – Part 1: Logging Server Setup

March 23, 2018 | May 23, 2018 | VIVI

Background: One of my goals this year was to improve my infrastructure log management procedures during engagements. Up until quite recently my log management technique was opening a couple of terminal tabs, SSH-ing into all my infrastructure assets and cat-ing, tailf-ing and grepping the log files I was interested in. As you can imagine this…

Securing your Empire C2 with Apache mod_rewrite

November 3, 2017 | November 4, 2017 | VIVI

Background: Christmas came early this year for red teamers with the release of the Red Team Infrastructure Wiki. It debuted right after an amazing red team infrastructure presentation by Jeff Dimmock and Steve Borosh. I can’t even begin to get into how invaluable the wiki is when designing and securing your infrastructure, check it out for yourself…
