Proxy re-encryption

What is proxy re-encryption? Proxy re-encryption lets Alice send Bob a message (M) via a semi-trusted proxy, without revealing Alice's private key to either the proxy or Bob, and without revealing the secret message to the proxy. As Wikipedia puts it: "Proxy re-encryption schemes are cryptosystems which allow third parties (proxies) to alter a ciphertext … Continue reading Proxy re-encryption

Advertisements

Using Let’s Encrypt manual mode

Let's Encrypt is a service sponsored by web giants such as Facebook, Google Chrome, and Cisco (https://letsencrypt.org/). Let's Encrypt has recently gone into public beta and is extremely easy to use. It has some modules already built in to integrate directly with popular webservers like Apache. In my case, I had two use cases where … Continue reading Using Let’s Encrypt manual mode

AlienVault: Adding a logger to a distributed deployment

There has been some confusion about how exactly to add a dedicated logger appliance to an AlienVault distributed deployment, that is, a setup where server roles (SIEM server, database, loggers, sensors, etc) are hosted on separate servers. It's not very well documented so here goes (with many thanks to AlienVault Support for providing the information): The configuration … Continue reading AlienVault: Adding a logger to a distributed deployment

Building a Logging Forensics Platform using ELK (Elasticsearch, Logstash, Kibana)

During a recent project we were required to build a "Logging Forensics Platform", which is in essence a logging platform that can consume data from a variety of sources such as windows event logs, syslog, flat files and databases. The platform would then be used for queries during forensic investigations and to help follow up … Continue reading Building a Logging Forensics Platform using ELK (Elasticsearch, Logstash, Kibana)

Bringing reliability to OSSEC

As we saw in a previous blog post, OSSEC is UDP based. This is great for performance, and can scale to 1000s of nodes. However, it means there is an inherent problem of reliability. UDP is a connection-less protocol, hence the OSSEC agent has no guaranteed way of knowing that a particular event has been … Continue reading Bringing reliability to OSSEC

OSSEC event loss troubleshooting

There is a general consensus that OSSEC will lose events in the event that the main OSSEC server goes offline for whatever reason ( [1] , [2] ) - be it the service is stopped, a network disconnection, or anything in between. However, there doesn't seem to be much information on when exactly even loss can occur, for … Continue reading OSSEC event loss troubleshooting

Practical Reflected File Download and JSONP

This week introduced us to a new web attack vector, which the researcher dubbed "Reflected File Download" [RFD] . It's a very interesting attack which has potential to do some severe damage, especially in social engineering contexts. Full details of the reflected file download attack can be found here: http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html While reading through the white … Continue reading Practical Reflected File Download and JSONP