Proxy re-encryption

What is proxy re-encryption? Proxy re-encryption lets Alice send Bob a message (M) via a semi-trusted proxy, without revealing Alice's private key to either the proxy or Bob, and without revealing the secret message to the proxy. As Wikipedia puts it: "Proxy re-encryption schemes are cryptosystems which allow third parties (proxies) to alter a ciphertext … Continue reading Proxy re-encryption

Using Let’s Encrypt manual mode

Let's Encrypt is a service sponsored by web giants such as Facebook, Google Chrome, and Cisco (https://letsencrypt.org/). Let's Encrypt has recently gone into public beta and is extremely easy to use. It has some modules already built in to integrate directly with popular webservers like Apache. In my case, I had two use cases where … Continue reading Using Let’s Encrypt manual mode

Data mining firewall logs : Principal Component Analysis

In this article we'll explore how Principal Component Analysis [PCA] [1] - a popular data reduction technique - can help a busy security or network administrator. Any such administrator has often been faced with a daunting problem... going through reams of firewall or router connection logs trying to figure out if any of the thousands … Continue reading Data mining firewall logs : Principal Component Analysis

BLE Health Devices: First Steps with Android

Bluetooth Low Energy (also known as Bluetooth v4) is the current standard in Bluetooth Technology. It is particularly interesting to me when applied to healthcare devices, for a number of reasons: No pairing necessary. These healthcare devices are normally handled by carers or vulnerable people who do not want to go through the hassle of … Continue reading BLE Health Devices: First Steps with Android

ELK : exporting to CSV

Note: the following requires the "jq" json parser, available from: http://stedolan.github.io/jq/ 1. Run the desired query through the Kibana WebUI 2. Expand the additional options pane by clicking on the arrow underneath the graph as indicated in the below screenshot: 3. Select “Request” and copy the request displayed: 4. Open a linux terminal and use the … Continue reading ELK : exporting to CSV

AlienVault ELK Integration

In the last couple of blog posts[1][2] we've been exploring how to use the ELK stack as a forensic logging platform. We also had a couple of posts on deploying some AlienVault features [3][4]. In this post we explore a quick and easy way to integrate between the two systems. Apart from the flexible querying … Continue reading AlienVault ELK Integration

AlienVault: Adding a logger to a distributed deployment

There has been some confusion about how exactly to add a dedicated logger appliance to an AlienVault distributed deployment, that is, a setup where server roles (SIEM server, database, loggers, sensors, etc) are hosted on separate servers. It's not very well documented so here goes (with many thanks to AlienVault Support for providing the information): The configuration … Continue reading AlienVault: Adding a logger to a distributed deployment