I recently had to reinstall my personal Splunk instance and reconfigure my endpoints to log back to my Splunk. In the past, it was a long process of SSHing into each host and manually reinstalling Universal Forwarders on each host. Thankfully, I’ve been learning a bit of Ansible and decided to take on a small side project of building a role that installs Universal Forwarders on Windows, Debian, ARM (Rpi), and FreeBSD clients.Continue reading “Ansible Splunk Forwarder Role”
My little project has snowballed into hours and hours of work.Continue reading “Updates on automated bug bounty recon framework”
I am currently working on a project that I have never attempted before, a programming project.
While my project is not written in Python (We’ll get there eventually), this was the first project that I had set out to solve without very much experience within the beginning.
There are a few blogs out there on the internet that walk you through setting up a pfSense Splunk forwarder, and a few more that talk about getting your Suricata IDS logs into your Splunk, but there is not an all-in-one guide to help you do both. Today we hope to solve that problem and give you an all-in-one guide on how to do this.Continue reading “pfSense, Suricata, and Splunk”
At the time of writing this, we do not have very much in place to enforce what passwords can and can’t be used on the network aside of the standard group policy controls. In the past, I used to gather AD Password hashes from the domain controller and then run the password through hashcat in order to give me a list of user passwords; The Domain Password Spray Powershell script from Dafthack changes everything.
I am currently working on setting up my website (austinoneil.com) to be SSL encrypted. The webserver is currently setup with Microsoft IIS and is not currently configured to be SSL secure. Today, we shall change this.Continue reading “SSL on IIS 8.5 Web Server using Let’s Encrypt”