Snorby & Snort is up and running

Finally I set up my home IDS: Snort with Snorby on top. The goal: to see what is going on in my Internet traffic and whether there is anything interesting. Also, the Snort output will be collected by a home Splunk instance. The screenshot below shows only test events, nothing serious 🙂 I used this guide: Home IDS with Snort …

RedKit Java exploit – under the hood

Here I put some technical details about the RedKit Java exploit. I will use a real sample of captured network traffic. The analysis was done using the following tools: CuckooBox 0.6, Java Decompiler GUI, Wireshark. Don’t follow any URLs in this post! They may still contain the malware. OK, now step 1: a victim visits an infected …

ESM ArcSight plugins – how to

Introduction. I attended many sessions at the “HP Protect 2012” conference last September, and one of them, “Plug it in!” by Doron Keller (HP/ArcSight), was very interesting for me. As a former software developer, I always like any possibility of enriching the features of an existing product by writing a few lines of code. Furthermore …