Today’s topic is how to install NSA Ghidra reverse engineering tool on CentOS 7 in 10 minutes. Reverse engineering of malware normally requires software that is priced out of the reach of folks that are trying to get into forensics or incident response; not anymore! NSA released the Ghidra reverse engineering tool at no cost for the end user. This is great news for people wanting to join the ranks of security analysts.
Using Putty to login to a remote Linux host from Windows – Securely
Lets face it, most of us would prefer a Linux desktop but our boss says we must have Windows. No problem, we can still get to our beloved command line in Linux with Putty. This post will show you how to login via Putty and even configure it to use pki to automatically login.
Continue reading “Using Putty to login to a remote Linux host from Windows – Securely”How to login to a remote host securely without using passwords
Security analyst normally have many machines they need access too just as system administrators do, so why not set up automatic login over SSH with pki keys to speed up the process? This blog post will show you how easy it is to set up this secure method of authentication.
Continue reading “How to login to a remote host securely without using passwords”Verifying file integrity by hashing with md5 and sha1
Verifying file integrity by hashing with md5 and sha1 is todays topic. Downloading files poses risks, even when we know where they are being downloaded from. You can be sure they have not been tampered with or corrupted by verifying the hash provided by the author. This post and accompanying YouTube video will show you how to easily calculate the hash in Windows or Linux.
Using GeoIP data from the command line
Today’s topic is using GeoIP data from the command line. Security analysts often find they need to ascertain an IP addresses geographic location in order to make decisions. The most obvious use would be around geofencing, i.e. blocking IP’s from certain countries or regions. GeoIP information is simple to acquire from the Linux command line with the tool geoiplookup and the Maxmind dat files. Here is an updated post and video on how to use Maxmind’s GeoLite2 database. How to use GeoLite2 on the command line.
How to secure a fresh Linux virtual private server install
Introduction
A Linux virtual private server (VPS) is an essential tool for any cyber security analyst, but left unsecured it can quickly be taken over by those with more nefarious intentions. Lets make sure that does not happen. This blog and accompanying video covers a few basic “must do” tasks to configure a secure Linux virtual private server at first boot. Why do we need to secure a new system? Within seconds of it coming online it will be found and attacked. If you want to test this you can leave this system as installed for 24 hours and then check the logs, there will be brute force attempts on ssh at a minimum. You may want to re-deploy the VPS before going any further if you performed this test.
Setting up a Non-Attributable system on a Linode VPS
Security analyst need a system to perform research on that is non-attributable, i.e. one that cannot be traced back to them or there company. The non-attributable system’s purpose is to keep adversaries from knowing when you are on to them. This article outlines how to setup a Linux VPS on Linode.com and demonstrates how fast and easy it is to rebuild it with another operating system if needed.
So you want to be a Cyber Security Analyst…
Welcome
Welcome to our humble digital abode! This site is all about cyber security and the tools needed to make it happen so if you are or want to be a cyber security analyst this is a good resource. Cyber security has different meanings depending on who you are talking too, here we will be covering it from a technical practitioner perspective and not as much from the management perspective. With that said, we will try to categorize content into the following five categories:
Continue reading “So you want to be a Cyber Security Analyst…”