Splunk Data Models

Splunk data models are a security professional’s best friend in terms of alerting, investigation, and audit. Splunk ES has an entire suite of baked-in correlation searches, but I want to talk about models a bit.

If you don’t know what Splunk is, hey, stop and go check out their free demo. I’ve never made a dime from Splunk as of this writing, but I like their software and wish Kibana were as functional for security purposes.

Continue reading “Splunk Data Models”

Wireless Security: WPA3 and Wifi Cracking

WPA3 certification has begun. I’m not sure there’s a lot to say about the current state of wireless security beyond keeping routers up to date and using nice long passwords.

I’ll briefly revisit the ez-mode version of the testing I’ve done in the past, but it’s pretty straightforward.

Continue reading “Wireless Security: WPA3 and Wifi Cracking”

Security Onion 2018

Something I’ve had reason to play a lot with over the last few months is Security Onion, a free and open source product that frankly compares damn well to a number of *very* expensive proprietary products.

It requires no small amount of Linux and tech knowledge to start digging into, but you get an ELK stack, full packet capture, a number of GUI options for visibility into network and file system alerts.. it’s really neat.

I struggled to get my ELK stack working properly but the eventual culprit was memory: I’d recommend a minimum of 4-8 gigs of RAM.

I’m now looking into ways to build cheap nsm sensors out of something akin to Raspberry Pis, but I don’t know how feasible that is yet.