Sending logs with bug reports: how to defend against easy exploits like malicious file enlargement?

When a crash occurs or when a user reports a bug, I’d like to send my application’s logs to a cloud service (Firebase).
But I’ve just realised that there are tons of kindergarten-level exploits. For example:

they can make these logs treme…

How to avoid security blind spots when logging and monitoring

Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the inevitable business and compliance consequences of a successful cyberattack. The deci…

Can anyone help finding what’s shady things are logged on my nginx webserver? [duplicate]

I have hosted a simple React website (testing) with an nginx webserver and Cloudflare as SSL provider. My website has been down for a few days with Cloudflare error 525 "SSL handshake failed". I was pretty sure my SSL keys are not expired,s…

Log4Shell: A retrospective

Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and take stock of how things played out. What strategies worked in the face of one…

Is there any way to find out if a Logitech Unifying Receiver vulnerability was exploited?

Is there any way to find out if any of the vulnerabilities of older Logitech Unifying Receiver firmware was exploited? I’m referring to the vulnerabilities listed here including these.
On GNU/Linux/Debian it can be patched with fwupdmgr up…