Fail2ban for WordPress

fail2ban is a utility that can be used to protect a server or website from brute-force attacks by blocking the IP address of the attacker after a certain number of failed login attempts. If you want to use fail2ban to protect your WordPress website, you can do so by installing and configuring the fail2ban software … Read more

Lynis (How to find vulnerabilities and harden a Linux system)

Introduction: In the security industry, there is so much emphasis on Windows server and workstation security with thousands of security products dedicated to finding vulnerabilities and hardening servers. A few products that we have in the market are Nessus,  Nexpose, and OpenVAS, one may say they do support Linux and I agree entirely, but they … Read more

Disassembling ransomware decryption tool What’s inside the decryption tool? How does the decryption tool work? Ransomware Recovery

Intro Ransomware attacks are on rising and becoming more sophisticated. Companies without little to no backup plan, struggle the most. As we know with ransomware attacks comes encryption. And it is a real pain to decrypt any files without a key. So that kept me thinking, how is this decryption tool able to handle the … Read more

Monitor full network traffic with Arkime aka. Moloch

Monitoring the corporate network is a crucial part to safeguard the network against malicious threat actors. One may argue that there are IDS and IPS to detect malicious traffic on the network. Those advanced security devices can indeed be useful but one cannot see the full picture of the network. For example, IDS and IPS … Read more

AWS Security Audit – Scout2 for Security Auditing on your AWS Infrastructure

The cloud platform is a way to go for most companies today. With all the advantages like scalable, redundant, fault-tolerant, and highly available infrastructure, the cloud seems like a way to go for when thinking of long term growth. Let’s not go to the overly discussed topic of cloud vs on-primes infrastructure. Security should be … Read more

Deploy the Mattermost server. Install Mattermost on Ubuntu using PostgreSQL and Nginx. A privacy alternative for slack.

Communication is the most important aspect of the team’s success. Having efficient communication with the team members has to be a key component for any team leader. This key component in today’s corporate environment is dominated by Instant messaging tools like slack and discord. This wasn’t the case before, instead the use of email was … Read more

Actively monitor pfsence firewall. PFELK: Elastic stack for pfsence

You will notice that this article has something to do with ELK stack AGAIN!!!. ELK stack is so flexible that it can fit into many different use cases. Today’s use-case of elk stack will be with the firewall. Most firewalls hardly have any kind of dashboard integrated with them, which makes it harder to monitor … Read more

Winlogbeat and Sysmon setup. Integration with ELK

This post is all about windows logging with winlogbeat and sysmon in place to collect all the important logs possible. Without getting into details about the installation of ELK stack I will get started with the installation of services and configuring the server to process that logs. Here is the link for installation script for … Read more

Install MozDef on ubuntu

Opensource siem has its own place in the SOC world. Even commercial siem uses Opensource components like elasticsearch, kibana, and logstash. Some of the popular opensource SIEM include OSSIM, The ELK stack, OSSEC, Wazuh, Apache Metron and MozDef by Mozilla. The reason behind writing this post is to help with the installation process of MozDef. … Read more