Getting Started in Security

Posted on Mon 23 July 2018 in howto

I meet IT folks fairly frequently who want to know how to get started in Security. But Security is a huge field! What kind of security are you interested in? Or what kind of Security do you think you're interested in? And how do you find out?


Personally, I'm …


Whitelisting IPs in OSSEC

Posted on Mon 22 May 2017 in howto • Tagged with securityonion, ossec

Another tool in the arsenal of Security Onion is OSSEC, a "scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS)." OSSEC examines log and alert events and correlates them against pre-built (or custom) rules and sends alerts as configured. When installed on the Security Onion server, OSSEC alerts are logged …


Security Onion: Validating EXE/DLL Download Alerts

Posted on Wed 17 May 2017 in howto • Tagged with securityonion

As I've mentioned before, Security Onion is a fantastic network security-focused Linux distribution which can monitor your network and/or hosts for malicious activity.

The Onion can run Snort or Suricata as a network IDS, and it can also run bro alongside those traditional IDS engines to add another layer …


Bulk Update Security Onion Alerts

Posted on Mon 15 May 2017 in howto • Tagged with securityonion

Security Onion is a fantastic Open Source IDS distribution created by Doug Burks and Security Onion Solutions. Per their own about page:

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert …


Filtering Home Internet with Circle

Posted on Thu 11 May 2017 in howto • Tagged with kids, family, howto, internet

Meet Circle from Disney. According to Disney, using Circle you can "manage all of your home’s connected devices" and "parents can filter content, limit screen time and set a bedtime for every device in the home."

Circle is an extremely easy and simple to use home web filter, and …


ncat Send and Receive Only

Posted on Sat 12 November 2016 in howto • Tagged with ncat, nmap

This week, I picked up the ncat series again and looked at broker mode for transferring files. In my example case, the file was just ASCII and was simple to examine to ensure that no stray bits of the transmission were accidentally stored in the output file. But what if the …


Using ncat in Broker Mode

Posted on Wed 09 November 2016 in howto • Tagged with ncat

Picking back up on the ncat series started earlier this year...

I was looking through the various options for ncat and came across an option I hadn't seen before: Broker mode. After reading through the examples, I learned that the --chat mode is really just a special mode of connection …


How to Use miniLock - a Simple Way to Encrypt Files

Posted on Fri 22 April 2016 in howto • Tagged with encryption

I originally posted this entry on our family's Wordpress blog, back in 2015. I decided to update and repost the content here, since it's still relevant and fits better here anyway...

There are lots of different ways to encrypt a file and today I want to cover one of the …


Securely Deleting Files on Windows - sdelete

Posted on Tue 12 April 2016 in howto • Tagged with windows

SDelete is a free utility from Sysinternals (now MS TechNet) which securely deletes files on Windows.

SDelete supports the following options:

    C:\Users\ubahmapk> sdelete /?

    SDelete - Secure Delete v1.61
    Copyright (C) 1999-2012 Mark Russinovich
    Sysinternals -

    usage: C:\tools\sdelete.exe [-p passes] [-s] [-q] <file …


Restricting Connections to ncat

Posted on Fri 08 April 2016 in howto • Tagged with ncat

We've already seen the usefulness of ncat, including ncat SSL sessions and running chat servers. Now we address the potential issue of unintended users of our listening ncat sessions.

Why would you want to limit access to an ncat listener?

If you're competing in a Capture the Flag event and …
