Deploying (and using) TheHive4 [Part 1]
I have been an off and on user of TheHive for nearly a year now, and it is encouraging to see the development and release of TheHive4 (even if in…
Threat hunting with Elasticsearch and Kibana (Part 1)
As part of my final Masters degree research component I have been collecting data from honeypots which I have seeded around the globe. The objective being to distil this data…
Loading Windows Event Logs to Elasticsearch
So whilst playing through an element of Kringlecon 2019 I came across a task which didn't really suit my Christmas challenge of going to Linux full-time. One such challenge involved…
Building a Cuckoo Sandbox
Sometimes there is a need to analyse files in a live environment where their composition and provenance may not be entirely certain. For the most part we can try to…
Extracting RAM from VirtualBox session
Over the last few months I have been playing with Cuckoo, and reworking its function to suit my own requirements. Part of this has involved the separation of components within…