Our Blog

Check out our collection of how-to guides, resources, and experiences.

Zeekurity Zen Zeries

Zeek is my favorite network security monitoring platform, and I've used it throughout my career. It generates rich network metadata that's incredibly valuable for incident response, forensics, and general troubleshooting. For most people, the main challenge with...

How to Choose the Right EPP / EDR Solution

Introduction Like most cybersecurity professionals, you're looking for an EPP that protects against current and evolving threats, is easy to deploy and manage, and is ultimately invisible to end-users. Today, there are dozens of these platforms available, and...

Zeekurity Zen – Part III: How to Send Zeek Logs to Splunk

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we've: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Now we'll send our Zeek logs to Splunk,...

Zeekurity Zen – Part I: How to Install Zeek on Ubuntu

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview This guide assumes you'll be installing Zeek on Ubuntu 22.04 LTS. However, the guide should work for any reasonably recent version of Ubuntu. Kicking things off,...

How To Build a SANS GIAC Index

One of the keys to passing SANS GIAC exams is to build a comprehensive index to quickly find information during the exam. Building an index will also help you study, as it forces you to thoroughly review the material. The steps below detail how to build an index that...

How to determine your Ring Doorbell Pro firmware version

I have a love/hate relationship with my Ring Doorbell. When I purchased it in 2016 it worked great for a year with minimal issues. As it became more popular, I noticed the quality dropped, with video freezes, black videos, and missed motion events. This led me to...

Palo Alto Firewall: macOS Updates NSURLErrorDomain error -1012

This is part of the Palo Posts how-to guides for getting the most from your Palo Alto firewall on a home or small business network. Overview About a month ago, I enabled decryption on my Palo Alto firewall and limited it only to traffic to and from my MacBook Pro....

Palo Alto Firewall: External Dynamic Lists

This is part of the Palo Posts how-to guides for getting the most from your Palo Alto firewall on a home or small business network. Overview I recently attended Palo Alto's annual Ignite conference for the first time. It was a great experience for learning about best...

Palo Alto Firewall: Home Network

This is part of the Palo Posts how-to guides for getting the most from your Palo Alto firewall on a home or small business network. My very own Palo Alto! I'm a big fan of Palo Alto Networks firewalls due to their focus on security and giving both network and security...

The Missing CISSP Domain

In the security world, the CISSP is the gold standard certification for information security professionals. The exam is incredibly broad, covering a number of domains. However, over the course of my career I've realized that there's a key domain that's missing. Oh...

OSM: Open Security Monitoring

Introduction I've spent most of my career defending environments of all sizes. What I've found is that the job of a defender is much less flashy and far more thankless than that of an "ethical hacker." While there are volumes of articles, guides, and talks on penetration...

Seeing Red: The Fun Stuff

The Fun Stuff: Privilege Escalation, Exfiltration, and Persistence This is part of a series of posts that walk through an attack. To start from the beginning, click here. In the last post, we successfully exploited our Victim using a client-side attack targeting an...

IP360 Tools: Free For All!

Last year, I wrote a couple of articles on how to integrate Tripwire IP360 data into Splunk. These turned out to be very popular, with a number of folks reaching out to me for a copy of my IP360 Tools script that made all the magic happen. I hesitated to give the...

Seeing Red: Exploitation

Exploitation: Client-side Attack This is part of a series of posts that walk through an attack. To start from the beginning, click here. In the last post, we performed some basic reconnaissance on our target machine and determined its operating system, running...