I have posted before on participating in other TraceLabs events (such as the Australian Federal Police Missing Persons Hackathon), so here goes a brief recounting of my experiences with a US missing persons event.
OSINT for Missing Persons (Part 1 – Intro)
Sometime ago I participated in an event run by TraceLabs in conjunction with the Australian Federal Police to locate pieces of information for missing persons across Australia. The twist on this event being it was gamified to allow competing teams to try and beat each other to amass the most amount of points according to […]
Deploying (and using) TheHive4 [Part 1]
I have been an off and on user of TheHive for nearly a year now, and it is encouraging to see the development and release of TheHive4 (even if in pre-release). In this post I will walk through the deployment, configuration and migration of TheHive to TheHive4, and what improvements have been implemented into this […]
Threat hunting with Elasticsearch and Kibana (Part 1)
As part of my final Masters degree research component I have been collecting data from honeypots which I have seeded around the globe. The objective being to distil this data in to organisational threat data based on a fictitious business. Part of the complication I am going to start facing, is how to how Elasticsearch […]
OSINT for Threat Intelligence
It seems to be a significant buzzword nowadays, but Threat Intelligence is available in an abundance from a wide range of curators and commercial suppliers. So what does it take to correlate observables such as precursors to determine if they are an indicator of compromise, and by whom have they been generated?
Loading Windows Event Logs to Elasticsearch
So whilst playing through an element of Kringlecon 2019 I came across a task which didn’t really suit my Christmas challenge of going to Linux full-time. One such challenge involved a Windows Event Log file with no ready access to a Linux derivitive of Event Viewer. My Kali laptop for my Christmas challenge was already […]
Building a Cuckoo Sandbox
Sometimes there is a need to analyse files in a live environment where their composition and provenance may not be entirely certain. For the most part we can try to reply on virus detection and heuristics to detect potentially malicious files, but what about those files which have not yet been identified, or have been […]
Extracting RAM from VirtualBox session
Over the last few months I have been playing with Cuckoo, and reworking its function to suit my own requirements. Part of this has involved the separation of components within Cuckoo into functional units. This particular component relates to extracting the RAM from a VirtualBox machine for analysis after ceasing the VM. For this to […]
