Category Digital Forensics & Incident Response

June 18, 2021

Hardening TheHive4 and Cortex for public deployment

By A.McHugh in Build, Digital Forensics & Incident Response Tag cortex, nginx, thehive

In this post, I talk about hardening TheHive and Cortex for an Internet-accessible deployment. This includes the application of TLS v1.2+ and the configuration of multi-factor authentication. Cortex can be…

April 7, 2021

Building a Cuckoo Malware Analysis Server

By A.McHugh in Digital Forensics & Incident Response

I have written this guide a few times in the past, but here is a revised version with some notable inclusions based on more recent experiences with Cuckoo. I have…

March 20, 2021

TheHive 4.1.0 Deployment and Integration with MISP

By A.McHugh in Build, Digital Forensics & Incident Response Tag #misp, cortex, elasticsearch, thehive

Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra,…

March 18, 2021

Building the Assemblyline Analyzer for TheHive’s Cortex.

By A.McHugh in Digital Forensics & Incident Response Tag cortex

Static analysis for me has become more fun with the inclusion of Assemblyline into my arsenal. But the lack of integration between other elements of my FOSS SOC stack was…

March 3, 2021

Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.

By A.McHugh in Digital Forensics & Incident Response Tag cortex, misp, thehive, webhooks

Since the last write up I published on TheHive, there have been some significant changes and updates to TheHive. So for this post I will be walking through the installation…

February 27, 2021

Building a parallel-analysis Cuckoo server

By A.McHugh in Digital Forensics & Incident Response

Cuckoo's dynamic malware analysis platform is pretty good out of the box. But how can we scale it to allow parallel processing of samples, particuarly where Cuckoo is part of…

February 22, 2021

Cuckoo Dynamic Malware Analysis

By A.McHugh in Digital Forensics & Incident Response

Cuckoo is an automated dynamic malware analysis platform which allows for the analysis of submitted artefacts within a range of custom configured guest operating systems. Analysis environments may be created…

February 21, 2021

External Analysis with VirusTotal

By A.McHugh in Digital Forensics & Incident Response

VirusTotal is a subsidiary of Alphabet Inc. (which is also the parent company of Google). The service offers static and dynamic artefact analysis through a combination of free and paid…

April 4, 2020

Threat hunting with Elasticsearch and Kibana (Part 1)

By A.McHugh in Digital Forensics & Incident Response, Security Operations, Threat Intelligence Tag elasticsearch, kibana

As part of my final Masters degree research component I have been collecting data from honeypots which I have seeded around the globe. The objective being to distil this data…

January 13, 2020

Loading Windows Event Logs to Elasticsearch

By A.McHugh in Digital Forensics & Incident Response, Operate Tag elastic, elasticsearch, kibana, windows

So whilst playing through an element of Kringlecon 2019 I came across a task which didn't really suit my Christmas challenge of going to Linux full-time. One such challenge involved…