Attack Infrastructure Logging – Part 4: Log Event Alerting

Attack Infrastructure Logging Series: Part 1: Logging Server Setup | Part 2: Log Aggregation | Part 3: Graylog Dashboard 101 | Part 4: Log Event Alerting

Quick recap: we set up a Graylog logging server, configured it to collect logs from multiple attack infrastructure assets and visualised some of this log data on a custom dashboard. I’ll be wrapping up this…

Attack Infrastructure Logging – Part 3: Graylog Dashboard 101

Attack Infrastructure Logging Series: Part 1: Logging Server Setup | Part 2: Log Aggregation | Part 3: Graylog Dashboard 101 | Part 4: Log Event Alerting

The last two posts of this blog series had us setting up a logging server and aggregating logs into it from our various attack infrastructure assets. This brief post will go over setting up a…

Attack Infrastructure Logging – Part 2: Log Aggregation

Attack Infrastructure Logging Series: Part 1: Logging Server Setup | Part 2: Log Aggregation | Part 3: Graylog Dashboard 101 | Part 4: Log Event Alerting

In my previous post I covered setting up a Graylog2 logging server. In this post, we’re going to start getting some logs from our infrastructure assets into our Graylog installation. The number and type of…

Attack Infrastructure Logging – Part 1: Logging Server Setup

Background: One of my goals this year was to improve my infrastructure log management procedures during engagements. Up until quite recently my log management technique was opening a couple of terminal tabs, SSH-ing into all my infrastructure assets and cat-ing, tailf-ing and grepping the log files I was interested in. As you can imagine this…

Securing your Empire C2 with Apache mod_rewrite

Background: Christmas came early this year for red teamers with the release of the Red Team Infrastructure Wiki. It debuted right after an amazing red team infrastructure presentation by Jeff Dimmock and Steve Borosh. I can’t even begin to get into how invaluable the wiki is when designing and securing your infrastructure; check it out for yourself…