
'Split-Brain DNS' for Internal HTTPS with Let's Encrypt

Introduction: In this previous post, I showed how to connect to a Unifi router with HTTPS, effectively ridding you of the tedious words, “Your connection is not private.” However, the method shown in that post directs your connection to an external DNS server (e.g., CloudFlare) in order to resolve your Unifi router. This adds some latency by requiring your traffic to flow out and in rather than staying local. Additionally, it requires opening some ports externally. While this is not necessarily bad, it certainly increases the risks and attack surface of your network. ...

May 13, 2022 · 10 min · Robert D. White

Manage Linux Logs on AlienVault OSSIM

Introduction: OSSIM is a powerful open source security information and event management (SIEM) operating system. AlienVault OSSIM is the open source version of AlienVault, which is sold by AT&T. I have used OSSIM in professional deployments in the past, and I currently use OSSIM for vulnerability scanning, asset management, and security alerts. OSSIM can often be overly complicated to set up and install, and the documentation available for troubleshooting is sparse. I have learned a lot of great tricks over the years by trial and error. ...

April 19, 2022 · 7 min · Robert D. White

Run Graylog with Docker Compose on Unraid

Introduction: Logging and traffic monitoring are of utmost importance in information security. Having searchable stored logs can allow visibility into a variety of critical activities related to a data breach. For example, individual computer event logs can provide insight into an attacker’s lateral movement within an environment. Active Directory authentication logs can provide more detail into this lateral movement and even help to establish a timeline of this movement. Firewall logs can provide insight into an attacker’s first contact or the first time an attacker utilized a particular command and control domain. NetFlow logs allow visibility into how a user interacts with other devices internally. ...

March 27, 2022 · 7 min · Robert D. White

Migrating from Wordpress to Hugo

Introduction: When I initially began posting publicly on this site, my goal was to be able to host my site fully with Docker for containerization. I hadn’t experienced any other decent blogging platform besides WordPress at the time, and I was bent on getting WordPress self-hosted with Docker. This goal was achieved, and my first public post details how I used docker-compose to deploy my blog using containers for WordPress and Traefik. ...

March 20, 2022 · 6 min · Robert D. White

Tails OS with Encrypted Persistence on Unraid as a VM

This post will show you how to run Tails OS as a VM with the Persistence feature enabled. Running Tails as a VM is not recommended generally as it defeats many of the security features in Tails. For example, virtualization requires that you trust the hypervisor host, as the hypervisor has extra privileges over a VM that can reduce security and privacy of the VM. I recommend reading Tails’s official documentation about virtualization considerations before continuing: https://tails.boum.org/doc/advanced_topics/virtualization/ ...

January 24, 2022 · 5 min · Robert D. White