I recently determined the format for timestamps indicating when VMware Snapshots were initially created, as logged in the *.vmsd file.
Author: Phil Hagen
Permanently Ban Repeat Offenders With fail2ban (UPDATED)
The fail2ban suite is a very useful tool in the battle against brute force login attempts. Where it’s capabilities broke down for me, however, was in addressing repeat offenders. This post includes a configuration to permanently block repeat offenders using the iptables firewall.
Applicability of Academia [Updated]
Although I’m not much of an academic, I really appreciate some of the great research – pure and applied – that is done every day to further our collective understanding and capabilities. Since I work a lot with the computer forensic sector, I often find some excellent research that happens to line up with something… Continue reading Applicability of Academia [Updated]
Forward QNAP NAS Syslog Messages Through an SSL tunnel
This entry contains detailed steps on how to configure a QNAP NAS device to forward log messages via the network over an SSL-encrypted tunnel. All information here should be accurate, but I can’t guarantee there are no errors. I therefore wrap this entire entry in an “it works for me and I hope it also… Continue reading Forward QNAP NAS Syslog Messages Through an SSL tunnel
DoD Cyber Crime Conference 2012: A Recap
I was fortunate enough to attend this year’s DoD Cyber Crime Conference, in Atlanta, GA. While these events are always great opportunities to meet up with old friends, I also took away a lot of useful information on the current and evolving state of computer forensics and the greater information security community. Partially as a… Continue reading DoD Cyber Crime Conference 2012: A Recap
Crosspost: SANS Network Forensics (FOR558) in Arlington, VA
Now that the holidays are over, it’s time to re-focus on challenges ahead. That includes training to help you to successfully tackle those tasks ahead in the new year. It’s an ideal time to join Phil Hagen in Arlington, VA for FOR558: Network Forensics. This course has been in high demand, and now you’ll be… Continue reading Crosspost: SANS Network Forensics (FOR558) in Arlington, VA