Practical Reflected File Download and JSONP

This week introduced us to a new web attack vector, which the researcher dubbed "Reflected File Download" [RFD]. It's a very interesting attack which has the potential to do some severe damage, especially in social engineering contexts. Full details of the reflected file download attack can be found here: http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html While reading through the white … Continue reading Practical Reflected File Download and JSONP

Adding agentless Windows WMI monitoring to Nagios

There are a couple of well documented methods to monitor Windows machines from Nagios. The most popular of these seems to be NRPE. This method works very well, but the biggest downside for me was the need to install a client on every machine that needed to be monitored. WMI seemed to be the best … Continue reading Adding agentless Windows WMI monitoring to Nagios

Bash scripting: another use for “DD”

For most Linux users, "dd" is mostly used when dealing with disk issues, such as copying one disk to another (byte for byte), creating an ISO from a CD/DVD, and so on. I personally didn't know what else I would use dd for until I ran across a particular need... I needed my Linux script … Continue reading Bash scripting: another use for “DD”

Creating a custom Nagios/Centreon passive alerter

Scenario: This is very probably a familiar problem that any sysadmin must solve: using your monitoring setup to receive alerts from other servers. Note the highlighted "receive". This is different from the standard poll / check that comes out of the box with Nagios. Say for example, you would like to receive an alert whenever … Continue reading Creating a custom Nagios/Centreon passive alerter

Sending nagios / centreon notifications via IRC

Lately we needed to find a convenient method of notifying service desk operators of Centreon notifications. Email was not a good option since operatives tended to simply delete the messages. Besides, we wanted something a bit more realtime. In the end, I decided on using IRC. I went with IRC rather than Jabber due to … Continue reading Sending nagios / centreon notifications via IRC

Monitoring custom attributes via SNMP

There comes a time in every network admin’s career when management/developers/DBAs need to monitor some obscure attribute on a particular server. Invariably, there is no pre-existing plugin in Nagios to monitor this attribute. The solution of course is to write your own plugin to monitor this attribute. There are at least a couple of ways … Continue reading Monitoring custom attributes via SNMP

Analyzing SQUID access logs

There are loads of programs on the internet which are Squid log analyzers. While this article does address the same thing, it’s presented more with an eye to how you can use standard Linux Bash scripts to obtain almost any output you want from log files. In the following script I use no python / … Continue reading Analyzing SQUID access logs