NTLM

Using a New NTLM Hash Lookup Bulk Check API

In today’s cybersecurity landscape, organizations and security professionals are continually searching for efficient ways to detect and mitigate threats. One such method involves using NTLM hash lookup services. If you’re looking to validate multiple NTLM hashes quickly, a bulk check API can be invaluable. In this post, we’ll delve into the specifics of using an NTLM hash lookup bulk check API and guide you through the process. ...

December 20, 2023 · 3 min · Robert D. White

Manage Linux Logs on AlienVault OSSIM

Introduction: OSSIM is a powerful open source security information and event management (SIEM) operating system. AlienVault OSSIM is the open source version of AlienVault, which is sold by AT&T. I have used OSSIM in professional deployments in the past, and I currently use OSSIM for vulnerability scanning, asset management, and security alerts. OSSIM can often be overly complicated to set up and install, and the documentation available for troubleshooting is sparse. I have learned a lot of great tricks over the years by trial and error. ...

April 19, 2022 · 7 min · Robert D. White

Run Graylog with Docker Compose on Unraid

Introduction: Logging and traffic monitoring are of utmost importance in information security. Having searchable stored logs can allow visibility into a variety of critical activities related to a data breach. For example, individual computer event logs can provide insight into an attacker’s lateral movement within an environment. Active Directory authentication logs can provide more detail into this lateral movement and even help to establish a timeline of this movement. Firewall logs can provide insight into an attacker’s first contact or the first time an attacker utilized a particular command and control domain. NetFlow logs allow visibility into how a user interacts with other devices internally. ...

March 27, 2022 · 7 min · Robert D. White

How to Run AlienVault OSSIM as a VM on Unraid

Introduction: For this post, I will show you how to set up Unraid to run AlienVault OSSIM as a VM. OSSIM is a powerful open-source SIEM that you can leverage on your network for free. I use OSSIM for network-wide vulnerability scanning and endpoint host intrusion detection. OSSIM’s integrated HIDS is a fork from OSSEC. Additionally, OSSIM integrates with Open Threat Exchange (OTX), which can be installed on Windows, Mac, and Linux endpoints and servers for an up-to-date, open-source vulnerability scanning tool. I deploy the OTX installer via my free Mosyle account (MDM for macOS) and Intune (MDM for Windows). ...

October 1, 2021 · 4 min · Robert D. White

How to Connect to Your Unifi Dream Machine or UNVR with SSL from Let's Encrypt

Update 05/09/2022: The conclusions of this post will route your traffic externally, requiring your local devices to reach external DNS servers (e.g., in my case, CloudFlare) in order to resolve your Unifi Gateway address. If you want to handle all of this completely locally/internally, check out my newer post: HTTPS for Internal Resources.

Alright, if you have a Unifi device like a Dream Machine, Dream Machine Pro, UNVR, CloudKey, or other device, you likely have been met with the dreaded red triangle followed by the tedious words, “Your connection is not private.” ...

September 22, 2021 · 4 min · Robert D. White