Cuckoo Sandbox Installation

Cuckoo Sandbox is an open source malware analysis system used to launch files in an isolated environment and observe their behavior. Pass it a URL, executable, Office document, PDF, or any other file, and it will be launched in an isolated virtual machine where Cuckoo can observe its process execution, API calls, network access, and all filesystem activity. You'll then get a report and a threat score based on the observed behavior. Once the analysis is complete, the VM is restored to a known-good snapshot and waits for the next submission.

Open Source SIRP with Elasticsearch and TheHive - Part 3 - MISP

Implementing a MISP server will allow Cortex, or any application capable of issuing a simple REST request, to query feeds of threat indicators, most notably IP addresses, URLs, and file hashes. The MISP server lets you control the subset of feeds you subscribe to and query against, but it's up to you to find the right balance when selecting feeds. The information returned depends on the additional data provided by the feed and varies greatly among feed sources: some feeds are simple block lists, while others provide a wealth of additional context. Take a look at feed number 1 from CIRCL for an example of the data that can be provided.

Sonoff and Espurna - Powerful Automation Switches

In this post I'll describe how I take a sub-$5 Wi-Fi-enabled electrical switch, flash it with open-source firmware, and incorporate it into my home automation. This is a cheap way to turn any small electrical device on and off wirelessly.

AD Health & Security Check-up

As the identity and authentication source for most enterprises, Active Directory is the backbone of both local and federated authentication. Coupled with the prevalence of cloud computing, organizations are depending more and more on federated authentication and extending their Active Directory into the cloud.