About a month ago, there was much news about the release of COFEE into the torrent wild. I even gave my two cents about the much hyped forensics toolkit which is provided to law enforcement for the purposes of easily capturing volatile data from personal computers during evidence collection. A tool to counter COFEE, aptly […]
Today marks the last Microsoft patch Tuesday of 2009, and Microsoft has released patches to six bulletins: MS09-071 – Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) MS09-074 – Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) MS09-072 – Cumulative Security Update for Internet Explorer (976325) MS09-069 – Vulnerability […]
In working with OSSEC agentless for some time now I have come across some limitations in the implementation that I felt needed to be addressed. As OSSEC agentless is designed to preform
syscheck functions on remote hosts, more general features are hard (if not impossible) to write into a script. This post will demonstrate an alternative for adding additional features to the OSSEC standard build.
In my last OSSEC post “OSSEC: Agentless to save the day” I went over how to setup agentless monitoring using the built in scripts. With this post I am going to get into the details of how to modify the OSSEC supplied scripts to do your bidding.
OSSEC is a Host Intrusion detection system (HIDS) in name, but in reality it is far more. It’s able to look for rootkits, monitor logs (LIDS), and even actively respond to defined events. While all these features are great the unsung hero is agentless monitoring.
Several months ago, users of a wireless carrier in the United Arab Emirates (UAE) were sent an SMS message to their Blackberry devices instructing them to install a software patch that would resolve recent network trouble they’ve been experiencing. The patch turned out to be spyware (Etisalat.A[MA]) and would intercept the user’s email, sending the […]
I attended SC World Congress in New York this week and a keynote from Cisco caught my attention: Securing the Cloud: Building the Borderless Network. I became fixated on the words used over and over by Joel McFarland. Borderless this, borderless that, borderless everything. This campaign started to bother me as this was a security […]
Windows Server 2008 R2 was released in August, and it introduced new functional levels for Active Directory. This article takes a look back at the different functional levels of the past and what is new in the latest release of the server operating system for Active Directory (yes, a recycle bin for AD objects!). Functional […]
One of my favorite websites in the days of Windows 2000 Server was a project from a group of system managers from the Department of Electrical Engineering at the Swiss Federal Institute of Technology; it was titled “Real Men Don’t Click”, and it was dedicated to accomplishing tasks solely using the command line interface (CLI). […]
I’m always a fan of more queries and peaks at what is going on in my AD domain, especially at what is happening on the workstations. I was working on some WMI queries to get information about network interfaces using the Win32_NetworkAdapterConfiguration class, and thought about promqry.exe. Promqry is a tool provided by Microsoft to […]