Introduction to Packer and Terraform with Ubuntu on vSphere

Introduction Packer and Terraform are both tools created by the company HashiCorp, and both aim to provide automation capabilities. Packer's goal is to create machine images for multiple platforms. For example, we can create AMIs for EC2 instances on AWS or VMDK/VMX files for VMware. The overall goal is to automate the creation of a consistent image that can be used on a specific platform, whether that is AWS or a VMware product such as vSphere.

Configuring Wazuh and Kibana to Monitor Endpoints

Introduction Wazuh is a host intrusion detection system (HIDS) that is capable of performing log analysis, integrity checking, Windows registry monitoring, rootkit detection, and generating alerts based on a set of predefined rules. The following picture shows the different components that will be needed for this setup; it was found in an article related to this subject. The picture is more specific to OSSEC, but that is fine since Wazuh is based on OSSEC.

Monitoring Windows Endpoints with Winlogbeat

Introduction This post will introduce the steps needed to set up a Windows endpoint to forward logs to Logstash. The following diagram shows how all the components interact with each other. On the endpoint we have logs that we want to ship to Elasticsearch; these include various system logs generated by Windows as well as Sysmon logs. The Sysmon logs are generated by a separate program installed on the system that monitors events such as processes being created and registry values being changed.

Configuring a Single Node ELK Instance

Introduction This post will guide you in setting up an ELK stack instance; other posts will go into detail about other aspects, such as monitoring logs on Windows. A brief description will be given of all the components that will be used. If you are interested in reading more about the technical details of how the different components work, please consult the References section, where I have linked some interesting articles and videos that can be of use.

Understanding and Implementing PKI with OpenSSL

Introduction This post will give an overview of TLS and public key infrastructure (PKI). The first part of this post gives a theoretical overview of how it works. The second part demonstrates how to set up a CA with OpenSSL and create certificates for web servers and for code signing purposes. Furthermore, the code signing certificate will be used to sign a binary on a Windows machine.

Creating Device Guard Policies from a Golden Image

Introduction Device Guard is a system built into Windows 10 that can help mitigate the effects of a breach by controlling which applications are allowed to run, both processes in userland and drivers in the kernel. Since Windows 10 1709, Device Guard is known as Windows Defender Application Control; however, in this post it will be referred to as Device Guard. This post will show the steps taken to configure a Device Guard policy based on a golden image, that is, a computer that is configured and has all the needed software installed.