Sysinternals Tool Sysmon Usage Tips and Tricks

Microsoft Sysinternals tool Sysmon is a service and device driver, that once installed on a system, logs indicators that can greatly help track malicious activity in addition to help with general troubleshooting.
Sysinternals from Web Browser:

• https://live.sysinternals.com/

Basic Sysmon Usage commands:

Installation:
sysmon -i -accepteula [options]

• Extracts binaries into %systemroot%
• Registers event log manifest
• Enables default configuration

Forwarding Windows Event Logs to Syslog Server (Kiwi Syslog)

Centralizing your logs saves time and increases the reliability of your log data, especially for Windows machines. When Windows log files are stored locally on each server, you have to individually log into each one to go through them and look for any errors or warnings. It’s possible for a Windows server to forward its events to a “subscribing” server. In this scenario the collector server can become a central repository for Windows logs from other servers in the network.There are many ways you can forward your windows event logs to a centralized log server. You can use event log forwarding feature which was introduced in Windows Server 2008. Event log forwarding brought forth a native and automatic way to get events from multiple computers (event sources) into one or more machines called collectors. Another option is to use third party software, such Solarwinds Free Event Log Forwarder for Windows. 

In this post, I am going to introduce another free software , Eventlog to Syslog. The Eventlog to Syslog utility is a program that runs on Microsoft Windows NT class operating systems monitoring the eventlog for new messages. When a new message appears in the eventlog, it is read, formatted, and forwarded to a UNIX syslog server.

1. Install Syslog Server - Kiwi Syslog Free Version
Download address: https://thwack.solarwinds.com/community/free-tools-and-trials

Install Mac OSX AnyConnect Package on Cisco Router and on Mac Machine

Symptoms: 
One of my clients reported a Cisco AnyConnect issue. It only happened to his machine and later we found that is because he is using Mac machine. His credential works fine if he uses it at windows machine.

From following screenshot, obviously there is Mac AnyConnect package missing from vpn gateway.

Error Messages:

"VPN
The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.

PFsense Configuration with Topology and Screenshots

pfSense is an open source routing and firewall software that is based on the FreeBSD distribution. The basic features including:

pfSense Home Topology

• Static/default/dynamic routing
• Stateful firewall
• Network Address Translation (NAT)
• Virtual Private Networks (VPN)
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Load balancing and so on. 

With many supported add-on packages, other advanced features including:

• Snort (for Intrusion Detection and Prevention)
• FreeSWITCH (Voice over IP)
• Squid (Proxy)
• SquidGuard (URL Filtering/HTTPS inspection)
• Darkstat (Network Traffic Monitor)

Qualys Scanner Appliance and Qualys Guard Service Tips and Tricks

The Qualys Cloud Platform and its integrated apps can simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Qualys Scanner Appliance is an option with the Qualys Cloud Platform. With the Qualys Scanner Appliance, you can easily assess internal network devices, systems and web applications.  This post summarize some of my experience with Qualys Guard service from Qualys Scanner Appliance.

1. AssetView 
1.1 Dashboard

Install ProxMox 5.3 into VMware Workstation 14

Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform, and easily manages high availability clusters and disaster recovery tools with the built-in web management interface.

The enterprise-class features and the 100% software-based focus make Proxmox VE the perfect choice to virtualize your IT infrastructure, optimize existing resources, and increase efficiencies with minimal expense. You can easily virtualize even the most demanding Linux and Windows application workloads, and dynamically scale-out your computing and storage as your needs grow ensuring to stay adaptable for future growth of your data center. You can easily use Proxmox VE to control KVM and OpenVZ virtual machines and create a small computing cloud with it.

YouTube Video: Install ProxMox 5.3 into VMware Workstation

Kali Usage Tips and Tricks

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering.

Download Kali: https://www.kali.org/downloads/

Basic Configuration Videos:

Running WordPress in the Docker of AWS EC2 Instance

Docker is a technology that allows you to build, run, test, and deploy distributed applications that are based on Linux containers.

Docker is available on many different operating systems, including most modern Linux distributions, like Ubuntu, and even Mac OSX and Windows.If you are using Amazon EC2 already, you can launch an instance and install Docker to get started.

Youtube Video: