Phishing Email Analysis ClamAV ClamAV is great to scan for malware but also can scan eml files including email attachments. Use the --debug flag for more info on the scan. clamscan sample.eml Continued You can also use ClamAV to scan any suspicious file. clamscan sample.zip Investigating a malicious link To investigate a link I use a REMnux container which offers so many awesome tools. I will cover THUG and Automater. Read more...

The basics MFA is basically putting an extra step, an extra barrier to login into an app or website. This extra step is what creates security. It does not prevent attacks or stop attacks. But what it does do is simple: it makes it harder for someone to hack you. The struggle Doing extra work is never fun. No one likes to do the extra work. I don’t like doing extra work. Read more...

Is it DevSecOp, SecDevOps, OpsSecDev? The infosec field is full of buzzword now more so with the explosion of automation and AI. Luckily, I am not easily fooled by the buzzword and look for the real meat and bones. So when I was tasked with automating some tasks at work I jumped into an interesting technology called Ansible. Ansible is a tool for automation that is cross platform. It relies on setting up a secure connection to an endpoint and then Ansible handle executing tasks on the system. Read more...

Learning to Authenticate WinRM has 2 componets: Communication and Authentication. Like with SSH, you establish a connection then you authenticate on the endpoint. In the previous post I wrote about setting up WinRM Listener over HTTPS. Now we have to setup Authentication luckily Windows offers serveral options for Authentication. But keep in mind not all are secure nor are supported with the type of account you would like to use. In other words if you want to authenticate with Kerberos forget about using a Local Account. Read more...

Emacs Multimedia System (EMMS) My preferred media player in Emacs is EMMS. Think of EMMS as a stackable playlist media player. EMMS out of the box does not actually play music. It relies on a “external” player like MPV, VLC, or MPLAYER. This is where this journey takes an interesting turn. Under Linux my EMMS setup is pretty straightforward. Below is my config: (emms-all) (emms-standard) (emms-default-players) (setq emms-player-list '(emms-player-vlc) emms-info-functions '(emms-info-native) emms-show-format "Playing: %s") I call EMMS, state I want to use EMMS standard list of players and include VLC in the list of players installed on my system. Read more...

2024 TAGITM South Texas Regional Summit The Digital Force Awakens: Mastering Threat Hunting in the Cyber Galaxy I had the pleasure of attending the TAGITM Regional Summit on Threat Hunting and Digital Forensics. The Summit focused on enhancing the skills of Texas cybersecurity workforce. The last few years have been rough for many Texas companies and governmental agencies. The rise in ransomware and cyberattacks has increased the need for these type of events. Read more...

Tools make the job Having the right tools at hand can make any job a breeze. It is also helpful to have a good working knowledge of the tools you use. In this case running containers like Docker or Podman are easily deployable in my work environment. So I decided to leverage the fact that REMnux offers Docker containers. This makes running powerful tools for small jobs extremely easy. I have been using this approach recently with much success for analyzing malicious links. Read more...

Emacs + Orgmode + Cybersecurity = Winning I work as a Cybersecurity Analyst and I use Emacs as my primary note taking application. Naturally I have developed some techniques and writing practices around my work and the use of Emacs aids in the process. I think the power of Emacs and Orgmode are a winning combination for the type of work I do. So let me share with you a some of the templates I created that help me in getting work done! Read more...

The obvious approach I use Emacs + Org-mode for my note-taking workflow as a Cybersecurity Analyst. Emacs is my geeky cred at my job, plus it is genuinely useful. So one day when working on taking some repetitive notes on an incident I had a bright idea. Why don’t I just create a few templates that speed up my workflow? A demonstration of my workflow for capturing notes on an incident Incident --> Get Data --> Investigation --> Capture Templates --> Notes Expanding the approach Once I became comfortable with the approach of my capture templates, I expanded them to use the full power of Emacs and Org-mode! Read more...

This years BSIDES RGV was great! I had a lot of fun was able to meetup with a lot of old colleagues and meet some new interesting people. The talks were great and I had a real hard time deciding which talks to attend. I’m glad it was another great successful year for BSIDES and I hope for more BSIDES in the future! If you enjoyed or found any of the content on my site helpful, you can buy me a cup of coffee so I can continue to bring you amazing content for free! Read more...