Skip to content

McHughSecurity

Cyber Security Professional

  • Home
  • Blog
  • Security Operations
  • DFIR
    • Reverse Engineering
      • Dynamic Analysis
      • Static Analysis
  • Vuln. Mgmt
  • Intelligence
    • Open-Source Intelligence
    • Threat Intelligence
      • AIL Framework
      • MISP – Open Source Threat Intelligence Platform
      • OpenCTI
  • Threat Modelling
    • Attack Libraries
    • Attack Trees
    • Mitigating Techniques
    • SaaS Threat Modelling
    • Threat Models
    • Tools
    • Validating Threat Mitigations

Category Build

  • Home
  • Archive by category "Build"
June 18, 2021

Hardening TheHive4 and Cortex for public deployment

By A.McHugh in Build, Digital Forensics & Incident Response Tag cortex, nginx, thehive

In this post, I talk about hardening TheHive and Cortex for an Internet-accessible deployment. This includes the application of TLS v1.2+ and the configuration of multi-factor authentication. Cortex can be…

Read More

June 18, 2021

[Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform

By A.McHugh in Build Tag misp

MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Within a…

Read More

April 28, 2021

[Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise

By A.McHugh in Build

As a bake off for the Threat Lab and Incident Response capabilities, we will also be installing Splunk Enterprise. This will be in the 30 day trial mode, so it…

Read More

April 28, 2021

[Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises)

By A.McHugh in Build

You can potentially use a Cloud-hosted instance of Elastic Cloud Enterprise, however since I am trying to avoid putting this environment on the Internet, I will be building ECE in…

Read More

April 28, 2021

[Part 1] Building a Threat Integration and Testing Lab

By A.McHugh in Build

For this article and subsequent articles, I will be talking through the installation, configuration, and integration components in building an integrated threat and incident response lab. The primary purpose of…

Read More

March 20, 2021

TheHive 4.1.0 Deployment and Integration with MISP

By A.McHugh in Build, Digital Forensics & Incident Response Tag #misp, cortex, elasticsearch, thehive

Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra,…

Read More

March 14, 2021

Implementing Elastic Cloud and using Elastic Security

By A.McHugh in Build Tag dionaea, elastic, elastic agent, elastic security, kibana

Elastic offers a Cloud based solution which would allow a very modest lightweight SIEM to be implemented for around $0.05 AUD/hour (60GB of Index Storage), but this does not include…

Read More

April 5, 2020

Deploying (and using) TheHive4 [Part 1]

By A.McHugh in Build Tag cortex, elasticsearch, thehive4

In this post I will walk through the deployment, configuration and migration of TheHive to TheHive4, and what improvements have been implemented into this release.

Read More

May 28, 2019

Building a Cuckoo Sandbox

By A.McHugh in Build, Digital Forensics & Incident Response Tag cuckoo, malware, sandbox

Sometimes there is a need to analyse files in a live environment where their composition and provenance may not be entirely certain. For the most part we can try to…

Read More

Search

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Archives

  • April 2022
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • September 2020
  • April 2020
  • March 2020
  • January 2020
  • May 2019

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Categories

  • AIL Framework
  • Blog
  • Build
  • Design
  • Digital Forensics & Incident Response
  • Frameworks
  • Intelligence
  • MISP – Open Source Threat Intelligence Platform
  • Open-Source Intelligence
  • Operate
  • Security Operations
  • Static Analysis
  • Threat Intelligence

Proudly powered by WordPress | Theme: SpicePress by SpiceThemes