Projects

reCaptcha With Lambda Part 2

In the previous article I covered all the steps and code that was required so that I can add a contact form with a reCaptcha on this very blog. These are the actual implementation steps I took to include them. Don’t worry the hard part has been done in part 1! Create contact form Using the client side HTML code I created the /content/contact.html file ensuring that I included the correct API Gateway URL’s for the post requests and the reCaptcha site key.

Continue reading

reCaptcha With Lambda Part 1

“You need to add reCaptcha to your webforms” - Its advice I’ve given out to security teams each time I see a malicious link or some spam pusher in the resulting email. Its the poor user who cops the brunt of them, increasing the chance of a click, increasing that chance of compromise. Reading through formspam is just a waste of time for everyone. I recall an instance where an internal securiy team miscofigured a tool they were using, set it to run overnight and that mailbox ended up with 35k+ emails in it.

Continue reading

A Qualys Journey From A to A+ (part 2)

In my last post, after updating the blog to use TLS1.2 and adding a CAA record thinking I would clear an A+ rating, I only retained an A rating. In this post I continue the journey striving for that A+ rating. Enabling HSTS It turns out that Mozilla observatory has a test you can also run, one that looks to be way stricter and they were not as impressed giving my site an F rating with a score of zero!

Continue reading

A Qualys Journey From A to A+ (part 1)

When it comes to your website, whats better than an A on your Qualys report? Why it has to be that A+! It might not seem like a big deal, but I still wanted to max out my score where I could. Little did I know I was about to get an education in the process. The Qualys SSL labs tester can be accessed via this URL https://www.ssllabs.com/ssltest/analyze.html. My initial report came back as follows:

Continue reading

Serverless Screenshots

This is a project that I have wanted to get working for some time now, but everytime I tried it, it failed on me. There was always some dependency error or some random obscure error. I’ve used url2png.com in the past to capture screenshots of malicious and unknown websites, and while I have scripts that replicate this functionality via PowerShell, I’m not comfortable running that script on a production machine at work.

Continue reading

Wrapup of Thehive Misp Cortex

This is the formal end of this series but I wanted to write a quick conclusion peice, so this post is a reflection about this 4 in 1 open source threat and incident response platform and the journey to get there. All the other posts in this series can be found here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP

Continue reading

Revamping the Blog

It’s been just over 12 months since I’ve started bloging and this is now the 3rd iteration of the blog. First it was Wordpress on Lightsail. There was a cost involved and if you really want to make wordpress useful you need to add the security holes also know as plugins. It’s not that Wordpress was a bad solution, but I had no need for all the bells and whistles it could provide.

Continue reading

Upgrading Cortex

This is part 11 of the series about TheHive/MISP/Cortex and im covering off an upgrade of Cortex from 2.1.3 to 3.0.0. The other posts for this series can be found here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex

Continue reading

Updating MISP

This is part 10 of this series. In this part I’m updating multiple minor versions of MISP. The other posts for this series can be found here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex

Continue reading

Upgrading TheHive

This is part 9 where I begin to lifecycle manage TheHive/MISP/Cortex software stack. Previous posts in this series are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex Part VII - Integrate TheHive and Cortex Part VIII - Integrate MISP to TheHive

Continue reading

Integrate Misp to Thehive

This is part 8 of the Cortex build. In this part I’m integrating TheHive with MISP and it doesnt go as smooth as I would have liked, but I got some good troubleshooting done in the process which I’ve documented. This will allow us to post observables to MISP from TheHive and vice versa! Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive

Continue reading

Integrate TheHive and Cortex

This is part 7 of the TheHive/Cortex/MISP build. In this part I’m integrating TheHive with Cortex. This is where the real magic happens! Links to the previous articles are here: Part I - Building TheHive Part II - Setup reverse proxy for TheHive Part III - Building MISP Part IV - Building Cortex Part V - Adding analyzers to Cortex Part VI - Setup reverse proxy for Cortex

Continue reading