Tag: OSSEC

OSSEC open source HIDS

3WoO Day 4: Learning From Malware

When most people receive an email with a malicious attachment, they do one of two things: either they delete it, knowing that it is malicious, or they get fooled into executing the attachment, which ruins their day. Then there is

3WoO Day 4: Five Tips & Tricks for OSSEC Ninjas!

Are you an OSSEC ninja? Do you dress in orange and red and laugh maniacally at all of the frustrated attackers who have tried to take you down? Do you take medication for that condition? Ok, well, best of luck to

3WoO Day 3: Leveraging Community Intelligence

The future of successful HIDS will not rely solely upon research from a small group of people. There are simply far too many things to look for to be an expert in all areas. Attacks involve changes to the file

3WoO Day 2: Calculating Your EPS

Do you know how many events your OSSEC server receives? This can be an important piece of information for scaling a roll-out, or just to brag. I was curious, so I whipped up a little script to tell me. #Reset

3WoO Day 1: The Week Ahead

Today begins the Third Annual Week of OSSEC. I put together a list of discussion topics (one per day) for the ossec-users mailing list, which are designed to build upon one another. I would like to encourage everyone to post

Third Annual Week of OSSEC

It’s almost that time of year again. October is National Cybersecurity Awareness Month. It’s also the third year that we have the opportunity to come together as a community to share some great OSSEC info. This year we have designated

The Immutable Friday Fav Five for September 23, 2011

Here are the five or more links that I found interesting for this week: This is just all kinds of awesome. It’s not that I am with the bad guys, but when they get this creative you have to give

The Immutable Friday Fav Five for September 16, 2011

Here are the five or more links that I found interesting for this week: Dave Hoelzer from SANS provides some very useful “AuditCasts.” These are short, instructional videos on various topics. This week, Dave talked about the benefits of split

The Immutable Friday Fav Five for September 9, 2011

Here are the five links that I found interesting for this week: The Shadowserver foundation is comprised of a group of volunteer security professionals who gather information about Internet-based crime. One of the more interesting projects is a compilation of

Detecting the Apache Range Header DoS Attack with OSSEC

If you run Apache, you may have heard about the DoS vulnerability last week. Apache suffers from a condition where an attacker can remotely cause the web server to consume huge amounts of memory. This causes the system to be
