WordPress login attempts – observations and conclusions

According to some sources, WordPress powers approximately 18.9% of all known websites. I'm not sure of the exact specifics and I don't think it's relevant to question them, but I think most people agree that a lot of websites are using WordPress, which makes it a clear target for both mass and targeted online attacks. Given that, as with other software or systems, a lot of WordPress installations are poorly managed by their users from a security perspective, especially when it comes to updates and proper credentials, the ease of compromise increases, attracting even more attackers.

Email scams – getting money from Industrial and Commercial Bank of China

We all receive spam email. Every day. Typically it ends up in the "spam" folder and we never even get to see it. I never really did care about it and normally erase it as soon as possible. This one got my attention as it ended up in the inbox of one of my fictive email addresses (doesn't everybody have those?) and I decided to play along to see where everything was going.

Information Security Incident Handling short course

Nowadays it is almost impossible not to learn something in an easy way. The globalization of content and information (evidently through the internet) has skyrocketed the learning and educational possibilities worldwide. I took advantage of this mostly through tutorials, guides and free online applications such as Codecademy, Blogger and WordPress. Only recently (several months ago) did I become aware of the MOOC phenomenon (massive open online courses).

Offline analysis in Security Onion

I've mentioned in a previous post how useful Security Onion is as it comes, but for different reasons one might have to tweak it in order to suit his needs. In my case, I had the problem of high packet drop rates from Snort and Bro in a temporary production deployment. Since I couldn't rely on the Bro and Snort logs, I would have to generate them again. The good thing was that netsniff-ng had a drop rate of almost 0 and I could use its PCAP files for offline analysis.

Snort alerts – passing through the Onion

Snort is a pretty interesting piece of software, with multiple features. Understanding the Snort architecture might help you better understand this post. It is also the de facto standard when it comes to IDS and the default sensor used in Security Onion. This article gives an overview of how Snort and additional programs are used in Security Onion. The purpose of Snort in Security Onion is to provide IDS data which will be analyzed by the user in one of the user interfaces available in the operating system. The following is also an example of a network security monitoring system.

How ELSA works

ELSA stands for Enterprise Log Search and Archive. It's a really powerful syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. It's one of the main tools that I rely on when using Security Onion. In a previous post I've put some words on the big picture in Security Onion, but in the present one I'm going to focus on details related to how ELSA works in Security Onion. The main reason for this article is to understand the differences between standard ELSA and Security Onion ELSA, where people (including me) might get confused with file paths and configuration details.

Security Onion – from traffic to analyst

In the past months I've been using Security Onion in relation to one of my school projects and lately to my internship. Security Onion has a lot of useful programs, which you could literally spend days configuring to work properly together on the same server. The fact that it just works does not save you the headaches of figuring out how it works and tweaking it to suit your needs (though it saved me from a lot of headaches caused by other issues).