Blog
Properly renaming Proxmox nodes
How to rename proxmox nodes when you have VMs already present on the cluster - this post shows how to do this in 5 steps.
October 17, 2022
Zeek without rc.local
In order for Zeek to properly capture packets you need to disable some network card features, such as tcp offloading and the like.
October 7, 2022
Using Osquery to check if you’ve patched CVE-2022-26809
Update: this won’t work as monthly rollups supersede discreet KB patches. See…
April 20, 2022
Using Google Chat for Elastic Security Alerts
How to set up Google chat to receive security alerts from Elastic Defend.
April 19, 2022
Getting Dockerd to behave with Snap
How to use the snap version of docker on Ubuntu without dying of frustration.
April 18, 2022
Increasing signal to noise ratio for Mitel systems
If you’re responsible for defending Mitel systems, specifically the Mitel MiCollab suite running on Mitel’s “Mitel Standard Linux” you have probably noticed by now that the systems are very noisy from defenders point of view, for example: Yes this is actually a legitimate process tree on a Mitel Micollab system — I was investigating an alert that detects suspicious child processes spawned by Java and this is what I found. With process parent-sibling relationships as long as these being the normal (the full tree is about 20 processes long) it is hard to detect or alert on actual malicious activity.
March 27, 2022
Detecting CVE-2021–41379 using EQL
Detect CVE-2021–41379 being exploited using Elastic EQL rules.
November 23, 2021
Deploy Elastic Agent with Microsoft Intune
In my previous story I shared how any organisation can go from having zero security visibility to having a wealth of contextual information in less than a day. In this article I’m going to share a small Powershell script that can be used with any management tool to deploy Elastic Agent to a whole fleet of Windows systems. Using this tool an administrator can easily deploy Elastic Agent to 10 or 1000 systems without breaking a sweat!
October 28, 2021
From Zero to Visibility in record time
With Security context is critical ; to make a simple analogy there is a huge difference between your wife holding a bread-knife during the daytime is a very different situation to an intruder wielding that same knife in the dark of night. At Threatbear we help Aussie companies detect and respond to Cybersecurity threats and the workflow often goes like this : Install an Osquery fleet server ~1day Build the binaries and connect the endpoints ~1day+
May 28, 2021
Renaming multiple files
How to rename thousands of files with unique names using bash scripting.
February 27, 2019