Use Splunk to Locate Port Scanners

If you are hosting a web application, then the only open TCP ports through your firewall should be 80 and 443. If anything tries to connect on other ports such as 23, 3389, 12345, etc., then it’s more than likely hostile. More so, for example, if you see attempts to connect to sequential port numbers […]

Burping a login page

Scenario I’ve got Burp Suite Pro v1.7.27 configured as the proxy server for the Firefox browser.  The Web Application takes me to a login.php page.  I don’t know the login credentials, but I want to.  Here I’ll walk you through my method of Burping a login page. Interception I set up Burp to intercept my […]

Watering Hole Attacks

Overview The FBI assesses a group of malicious cyber actors—likely located in Iran—use Virtual Private Server infrastructure hosted in the United States to compromise government, corporate, and academic computer networks based in the Middle East, Europe and the United States. This infrastructure is used in conjunction with identified malicious domains to support a broad cyber […]

Blue Team Reactions to WannaCry

<<< I am making frequent updates to this post as information flows in. >>> Overview There is an exploit called ETERNALBLUE (CVE-2017-0145), which is believed to have been developed by the NSA (U.S. National Security Agency). ETERNALBLUE was leaked by the Shadow Brokers hacker group on 14 April 2017. It is used as part of the WannaCry ransomware attack that […]

Symantec Lands on the Never Trust List

Symantec has mis-issued at least 30,000 certificates over the past few years. This is a huge deal, since a Certificate Authority’s ONLY job is to be TRUSTED. If you can’t trust them, then they have no purpose to exist. Frankly, Google has to be nice in the grand scheme of things. I’m taking a more hostile approach by […]

Lynda 55000 users Breach Affects 55,000 users

Yesterday, I received this email notification (below) notifying me that’s database had been breached.  For those of you who don’t know or use, it’s a really good resource for learning almost anything IT related via online videos.  The cost is around $20 to 35 per month or you can pay for the year in […]


The USA has a Mothership

A cyber war is coming. Our adversaries are preparing for battle by flooding the United States consumer electronics market with devices that they can control and gather intelligence from (digital spies). The United States is the most powerful country in the world when it comes to air superiority, logistics, and technological advantages in most areas of operation. […]


Blacklists

Part of a defense in depth strategy for cyber security is having the hostile attacker deal with multiple obstacles before reaching his objective. You can thwart many script kiddies with just a couple of layers. However, a determined attacker won’t stop after encountering your firewall and anti-virus. Do yourself a favor and add another […]