Pages

Thursday, August 18, 2022

Remotely managing Sysmon configuration through Graylog Sidecar

Introduction: Sysmon is a tool from Microsoft that can help with collecting better logs (compared to default Windows logs) regarding the sys...
Wednesday, July 20, 2022

Screenshotting/scanning domains from certstream with littleshot to find interesting content

Introduction: Certstream is a great service which provides updates from Certificate Transparency Log, which has info regarding certs being i...
Wednesday, July 13, 2022

Building a honeypot network with inetsim, suricata, vector.dev, and appsmith

I wanted to learn a bit more about data engineering, databases, app building, managing systems, and so on so I decided to work on a small ho...
Saturday, March 5, 2022

Quick analysis of stealer malware sent via discord

Introduction: Just a quick analysis of malware sent via discord... I got the malicious file from someone who received the file via Discord f...
Sunday, December 12, 2021

notes/links about log collection, storage, and searching

Introduction Just some notes about log collection, storage, and searching. I just want to be able to store some log data for a long time and...
Friday, November 26, 2021

Collecting Unifi logs with Vector and Grafana Loki

Introduction This post just discusses sending unifi logs to grafana loki and utilizing vector.dev/vector agent. Typically for log collection...
Saturday, April 10, 2021

Creating a malware sandbox for sysmon and windows event logs with virtualbox and vmexec

Introduction I was doing some research around detection related to maldoc/initial access. Usually, I've seen malicious Word or Excel doc...