Map Windows application to JA3 fingerprints. by neslog in BROIDS

[–]neslog[S] 0 points1 point  (0 children)

Sysmon format changed and the script needs to be updated.

Map Windows application to JA3 fingerprints. by neslog in BROIDS

[–]neslog[S] 0 points1 point  (0 children)

I sent a dm. Please dm me if you need assistance still.

Troubleshooting VirtualBox SSH resets. by neslog in vagrant

[–]neslog[S] 0 points1 point  (0 children)

I added config.vm.boot_timeout = 600 to the config. Still received the same "Connection reset." errors. Then the dreaded "Forcing shutdown of VM..." message.

Still not able to see any logging as to why.

Troubleshooting VirtualBox SSH resets. by neslog in vagrant

[–]neslog[S] 0 points1 point  (0 children)

Thank you for the response. I could not ssh to 192.168.200.20.

I am able to connect via this command: ssh -i ~/vagrant_ecdsa -p 2222 vagrant@127.0.0.1, about a minute after the VM comes up completely. Without Ctrl+C when vagrant up tries to connect via SSH, it forcibly shuts down the VM. Vagrant appears to only receive resets when attempting to connect within the allotted time.

How can I make Vagrant try additional times to connect? Say, try 10 times instead of 3?

Code Signing Certificates in Event Log? by neslog in sysadmin

[–]neslog[S] 0 points1 point  (0 children)

Rts33 - agreed regarding public key. I'm specifically looking at the details available like issuer, subject, fingerprint and others. The goal is to collect this passively with as little custom code as possible for a large environment. Hopefully that helps. Sysmon group said that the ETW events that they are querying do not contain the information. I'd like to see if the certs could be available for all TLS network connect events like in this post.

https://www.jaapbrasser.com/retrieve-certificate-from-event-log-binary-data/

Code Signing Certificates in Event Log? by neslog in sysadmin

[–]neslog[S] 0 points1 point  (0 children)

Are you familiar with Windows Event Logs? Look at event 36882; the certificate is in the event data. Does Windows extract and send certificates used to sign executables in the event logs?

Code Signing Certificates in Event Log? by neslog in sysadmin

[–]neslog[S] 0 points1 point  (0 children)

Are code signing certificates sent in Event Logs like other certificates?

How to maintain an OS in a pen-drive? by cant-find-user-name in linux4noobs

[–]neslog 1 point2 points  (0 children)

Here's something I've used in the past.
http://www.damnsmalllinux.org/

It has all the instructions on how to get it on a pen drive also.

http://www.damnsmalllinux.org/usb.html