![Cover Image for Imgur C2](/images/cover-images/imgur-c2.jpg)
A tool to smuggle binaries through Imgur, allowing a botmaster to send binaries to victims without the victims needing to find the controller's domain or IP.
More Posts
![Cover Image for Using IP Reputation list to alert for SolarWinds Sunburst activity in Security Onion](/images/cover-images/security-onion-proxmox-4.png)
Using IP Reputation list to alert for SolarWinds Sunburst activity in Security Onion
Part 4 in the series about establishing a SOC Workstation using Security Onion to monitor your homelab. We're getting into IP Reputation in Suricata, and trying to get around Docker and SaltStack to do so in Security Onion.
![Cover Image for Security Onion + Proxmox Testing: Endpoint Reporting](/images/cover-images/security-onion-proxmox-3.png)
Security Onion + Proxmox Testing: Endpoint Reporting
Part 3 in the series about establishing a SOC Workstation using Security Onion to monitor your homelab. This post is dedicated to setting up endpoint reporting on all our hosts across the network.
![Cover Image for Security Onion + Proxmox Testing: Will it sniff?](/images/cover-images/security-onion-proxmox-2.png)
Security Onion + Proxmox Testing: Will it sniff?
Part 2 in the series about establishing a SOC Workstation using Security Onion to monitor your homelab. This post is dedicated to making sure Security Onion is working in a Proxmox homelab environment.
![Cover Image for Set up Security Onion to monitor your Proxmox Home Lab](/images/cover-images/security-onion-proxmox-1.png)
Set up Security Onion to monitor your Proxmox Home Lab
How I'm using Security Onion to set up a SOC Workstation to monitor my virtualized homelab and setting up a threat lab. Here's how I started with Proxmox and Open vSwitch.
![Cover Image for Hacktivitycon CTF: Hashbrown Casserole](/images/cover-images/hacktivitycon-writeup-hashbrown.png)
Hacktivitycon CTF: Hashbrown Casserole
My writeup for a scripting challenge in this year's Hacktivitycon.
![Cover Image for SonarQube vs OWASP Top Ten](/images/cover-images/sonarqube-vs-owasptopten.png)
SonarQube vs OWASP Top Ten
Feeding NodeGoat to SonarQube to see how much of the OWASP Top Ten is caught in this static analysis tool.
aws-creds-check - a bash script
If only the AWS CLI would let you call get-caller-identity with API key and secret as arguments, I wouldn't have to write this.
![Cover Image for NoSQL and urlencoded](/images/cover-images/urlencoded-nosql.gif)
NoSQL and urlencoded
Discoveries on bodyParser.urlencoded's unintentional impedance of NoSQL injection attacks
Audit Log Dashboard
Very basic dashboard for auditd logs.