OSSIM Logo

'Split-Brain DNS' for Internal HTTPS with Let's Encrypt

Introduction In this previous post, I showed how to connect to a Unifi router with HTTPS, effectively ridding you of the tedious words, “Your connection is not private.” However, the method shown in that post directs your connection to an external DNS server (e.g., CloudFlare) in order to resolve your Unifi router. This adds some latency by requiring your traffic to flow out and in rather than staying local. Additionally, it requires opening some ports externally. While this is not necessarily bad, it certainly increases the risks and attack surface of your network. ...

May 13, 2022 · 10 min · Robert D. White
OSSIM Logo

Manage Linux Logs on AlienVault OSSIM

Introduction OSSIM is a powerful open source security information and event management (SIEM) operating system. AlienVault OSSIM is the open source version of AlienVault, which is sold by AT&T. I have used OSSIM in professional deployments in the past, and I currently use OSSIM for vulnerability scanning, asset management, and security alerts. OSSIM can often be overly complicated to set up and install, and the documentation available for troubleshooting is sparse. I have learned a lot of great tricks over the years by trial and error. ...

April 19, 2022 · 7 min · Robert D. White
Graylog & Unraid Logo

Run Graylog with Docker Compose on Unraid

Introduction Logging and traffic monitoring are of utmost importance in information security. Having searchable stored logs can allow visibility into a variety of critical activities related to a data breach. For example, individual computer event logs can provide insight into an attacker’s lateral movement within an environment. Active Directory authentication logs can provide more detail into this lateral movement and even help to establish a timeline of this movement. Firewall logs can provide insight into an attacker’s first contact or the first time an attacker utilized a particular command or control domain. NetFlow logs allow visibility into how a user interacts with other devices internally. ...

March 27, 2022 · 7 min · Robert D. White
Twitter Icon

How to Access Twitter Without an Account, Anonymously

Interestingly, after my previous post describing how to route Docker containers through VPN on Unraid, I received a substantial lot of questions via email about my hints at accessing Twitter anonymously. This post is my response to those questions, and I will describe my workflow to access Twitter feeds anonymously, without an account. This post will assume you have read my post on how to route Docker containers through VPN on Unraid or that you already know how to accomplish this. If you do not, start here. ...

November 19, 2021 · 4 min · Robert D. White
Docker VPN Graphic

How to Route Any Docker Container Through VPN in Unraid

Today’s post will cover how you can route any Docker container through a VPN. There are many reasons you might want to route a Docker container through a VPN. Some common considerations are privacy, anonymity, and security. I always recommend a VPN provider that values privacy, and in your search, you should consider providers that do not keep access logs that can be tied back to you (I use Private Internet Access [PIA]). ...

November 17, 2021 · 4 min · Robert D. White