When people ask what their baseline configuration should be, in terms of logging, I feel like it often gets answered with general advice regarding knowing your environment, having different configurations for file servers vs domain controllers, etc. This is true advice, but not particularly helpful. You might not know your
For average/home users Someone on Twitter [https://twitter.com/Rooster_75/status/1470746847790706698] asked two questions that I thought might be valuable for this article, paraphrasing: > Can someone explain the Log4j vulnerability in non-IT terms, and is there any mitigation at my level as an average mere mortal? 1) A
There is an often-referenced article here [https://www.deploymentresearch.com/psscriptpolicytest-script-gets-blocked-by-applocker-in-the-event-log-why-and-what-are-those-files/] that lays out what these files look like, what they do, and where they originate. From the perspective of trying to identify them, however, it was a bit out of date, and nobody really goes over everything that these
I have, for a long time, been watching my logs for unusually long command line artifacts. Something suspicious doesn't have to be long, but except for a few well-known and easily ignored applications, most long command lines are suspicious. For example, imagine you came across this [https://threatpost.
Plus CloudFlare and proper LetsEncrypt Certs I got bored and decided to play with a cloud-hosted Foundry VTT [https://foundryvtt.com/] server. They have some great guides [https://foundryvtt.wiki/en/setup/hosting/DigitalOcean-Initialization-Script] for getting started with some of these. I could get a little more bang for my
Very quick post, mostly notes for myself. When using Volatility 3 you might notice that some plugins cannot be loaded # ./vol.py -h [...] The following plugins could not be loaded (use -vv to see why): volatility.plugins.windows.cachedump, volatility.plugins.windows.callbacks, volatility.plugins.windows.hashdump, volatility.plugins.windows.
I'm a huge fan of https://makemeapassword.ligos.net/generate/readablepassphrase, and regularly advise people to use it when generating passwords that need to be memorized or typed frequently. However, there have been numerous times when people have expressed concerns that they're effectively generating passwords on
There's really nothing special here except a mildly updated example of the code found here: https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTTUT/RESTsearches#Python_example Basically, it's updated to Python 3 due to the impending end-of-life (the print() adjustment, and urlencode changed in Python 3). While I was