Have you ever needed to extract a McAfee quarantine file? Today’s tutorial will show you how to extract a BUP file with punbup in the lab. There are many reasons to extract the files out of a McAfee quarantine file; the most common are to perform deeper analysis or to restore a file that was incorrectly identified. We will use the SANS SIFT workstation today to perform this task using the punbup.py script.
Hashcat for cracking passwords
This tutorial covers the process of password cracking in a real-world scenario. The main reasons you might need to crack a password are to get credentials during a penetration test or when evaluating intelligence. Both scenarios will happen, and having the ability to crack the hash with the tools you have access to is imperative.
Acquiring a Forensic Disk Image with FTK Imager and the Wiebetech USB Writeblocker
This tutorial covers the process of imaging a hard drive that has already been removed from a system with FTK Imager and a write blocker. FTK Imager comes in two versions: one that is installed on a PC and one that can be used during incident response from a thumb drive. We will be using the installed version for this tutorial, but both look and function the same. I will cover the following key steps in the process:
Building a Virtual Cyber Security Lab Part 3 – The Security Onion
In this part of the video series we will continue creating our virtualized lab training environment by installing the Security Onion network security monitoring VM. Security Onion will provide the ability to monitor the lab for security threats and attacks; i.e. the “Detect” aspect. The detect function is critical for an analyst to know, and serves as the foundation to build upon.
Building a Virtual Cyber Security Lab Part 2 – Kali Linux
In the last post we set up the SANS SIFT forensics workstation in VMware Player; now we will set up Kali Linux. Kali is used for penetration testing, i.e. offensive operations, and it will help us learn how to detect malicious traffic in the virtualized test environment we are setting up.
Building a Virtual Cyber Security Lab Part 1 – SANS SIFT
In this post we will start creating a virtualized cyber security training environment by installing the SANS SIFT forensics workstation virtual appliance. In order to get the necessary skills to become a cyber security analyst, one must practice in an environment with all the tools and a few sacrificial lambs. As you might expect, most businesses will not let you use their production environments for this. So what is an aspiring cyber security analyst to do? Build a test lab, of course. A good lab environment will provide the analyst with all of the tools necessary to launch attacks, detect the attacks, and respond to the attacks.
SCP for Securely transferring files between Linux hosts
Security analysts constantly need to move files around, be it logs, ISOs or VMs. In Windows this is pretty easy. But how about in Linux? There are many ways to move files between Linux machines, and today we will discuss one of the most popular. SCP offers speed and versatility when it comes to moving files and allows analysts to seamlessly transfer files to and from a remote machine. Let’s see if we can get it done in two minutes!
How to use MaxMind GeoLite2 to obtain GeoIP data from the command line
Today let’s talk about how to use MaxMind’s GeoLite2 to get GeoIP data from the command line in Linux. This post is an update to the original “using GeoIP data from the command line” post from September. MaxMind GeoLite legacy databases were discontinued on January 2, 2019 and have moved to the new GeoLite2 format, which makes the original article obsolete. The new format requires new tools and scripts, so I will treat it as a new article from a technical perspective; however, the practical use is still the same from a security analyst’s perspective. So let’s dive right in and get the new format set up and ready to use.
Vi, The Basics of Editing Text on the Command Line Without Pulling Your Hair Out.
Security analysts spend a lot of time on the command line in Linux, so it makes sense to have a utility for editing text available. Vi and its improved cousin VIM fit the bill nicely; however, most folks are intimidated by all of the hot keys and modes. Text editing with Vi is really easy and quick once you learn the basics, and that is today’s topic.