Monday, October 14, 2019
I was fortunate enough to participate in the TraceLabs Missing Persons CTF in October, along with a lot of other people across Australia, in finding information which may help in identifying the status of registered missing persons. My team and I come from diverse backgrounds: some of us have OSINT experience (from a penetration testing background) and some of us knew more or less from other perspectives. The lead-up to this activity did not involve a huge amount of planning for our team (we had a great deal of work to contend with outside of this CTF), and we really only set up our OSINT machines the evening before, but the most important aspect of what we were trying to achieve (finding indicators for missing people) lay in our tactics and methods for locating actionable data on the missing people involved. For sensitivity, I will not be discussing the specifics of each case; suffice to say, some cases were much, much harder than others, but all of them were very challenging!
Saturday, September 14, 2019
The installation of MISP has long been a contentious issue, depending on which flavour of deployment you are willing to run in your environment. I am not much of a fan of the OVA deployments (since I have no control over what was deployed in there previously), and nor would I consider deploying a prebuilt OVA of that description within a production environment. So instead I will be walking through the deployment of MISP using a newly released shell script which takes care of everything in a one-liner.
Sunday, August 25, 2019
If you have read anything I have already published here, you will likely have seen that I am somewhat biased towards using TheHive as a cyber security case management tool. There are many other tools, but my focus is on enabling a SOC operator no matter the budget of the business (something is well and truly better than nothing). So with that, I will be walking through the deployment of a collection of VMs designed to operate as a SOC enclave for incident investigation and analysis, all using open source tools and technologies which can be acquired with no cost outlay.