Last talk #EuroBSDCon - Eirik Øverby 'FreeBSD and the absurdities of security compliance' very interesting talk and entertaining but check out the video for some workable advice afterwards. He mentions kernel audit logging and file integrity monitoring with bsdmaudit, auditd, etc. ie see based on a module of a project I am involved with for FIM idea https://medium.com/@hannahsuarez/response-on-data-manipulation-attacks-and-using-file-integrity-monitoring-to-help-mitigate-b92fb1d21a18 but there are various documentation out there also.
From #eurobsdcon social event - panorama of Maihaugen open air museum near #Lillehammer #Norway before the dinner
#eurobsdcon 23 years of software side channel attacks - Colin Percival, Tarsnap
My comment in /r/sysadmin on setting up AD auditing https://www.reddit.com/r/sysadmin/comments/d4jz6g/auditing_ad/f0taryd/
At #CERNOpenDays was a demonstration of Immersion Cooling for HPC, hyperscalers and datacenters. Using a liquid type of substance (pictured, but you cannot tell) to cool hardware as a replacement for fans. Feels like oil.
Interesting thinking about the operational challenges to use liquid for cooling in data centres etc.
BSidesVienna CFP deadline: November 4 2019 for November 30 2019 conference. See https://bsidesvienna.at/
Just a note, the post that I wrote is about Syslog messaging formats and the differences in formats (there are various use cases as to why, but is too long here, usually in cases like sending to SIEM).
There is Syslog as an actual messaging format (ie Syslog BSD, Syslog IETF) and protocol (see https://en.wikipedia.org/wiki/Syslog to read more and as a starting point) . And then there are company published Syslog implementations and various other utilies based on the protocol (ie Syslog-ng, Rsyslog).
List of Paths and EventIDs from NSA Windows Events to monitor Reference guide https://github.com/nsacyber/Event-Forwarding-Guidance - https://gitlab.com/snippets/1894116
@phessler Going to eurobsdcon?
Hey! we got a 'lock' mascot..
Time to transfer https://github.com/nsacyber/Event-Forwarding-Guidance/tree/master/Events from tables into config files (YML and Apache style) complete with actual QueryXML paths.
I was also going through JPCERT's findings of lateral movements (https://infosec.exchange/@superruserr/102758888094852574) and found that there seems to be little overlap between EventIDs to monitor guide written by NSA and the lateral movements by JPCERT. This makes sense because the NSA guide is more threat hunting and JPCert is more about detection/alerting of early lateral movements.
@mwlucas Will I be able to buy your books at #eurobsdcon? Interested in Sudo Mastery
Answer to doing IIS logging https://www.reddit.com/r/sysadmin/comments/cxi3vr/what_is_a_simple_syslog_agent_for_windows/ezpycuw/ from W3C format to Syslog (to be consumed by a Syslog server)
Love the graphics and nonetheless very interesting
https://hitcon.org/2017/CMT/slide-files/d2_s1_r1.pdf
(follow up to this thread: https://infosec.exchange/@superruserr/102758888094852574)
Graphic text at page 8 of the slides
ie EventID: 104
システムログファイルがクリアされました
❗
Just updated to include this interactive and searchable Github resources that JPCERT published:
https://jpcertcc.github.io/ToolAnalysisResultSheet/
Looks like the Event Source path etc are updated too.
EventIDs based on JPCERT Lateral Movement through Tracking Event Logs https://hannahsuarez.github.io/2019/eventids-lateral/
Converting Windows EventLog to Syslog https://nxlog.co/eventlog-to-syslog
Learn all about the different #Syslog formats - BSD, IETF, Snare as well as the Syslog extensions (LEEF, CEF, JSON over Syslog)
de, IT-sicherheit
