In this blog I will show how to use both IntelMQ and the ELK stack together so that the feed from IntelMQ can be pushed into ELK for analysis. I will not go into the details of the architecture of either, as they are beyond the scope of this blog. In the previous blog post, I already illustrated how to install IntelMQ on an Ubuntu 20.04 system from sources, using the apt command to download and install packages.
In this blog, we will be using the API provided by Shadowserver to obtain information. We will use the official API to pull data from the Shadowserver systems. Previously this data was delivered via email: IntelMQ can be configured to fetch the email from the mail server, extract the attachment and delete the file, but that remains a manual process. From my perspective, this seems ineffective and not the proper way to do it.
In this post we will be installing IntelMQ, the IntelMQ API and IntelMQ Manager, following the original guide provided by the developers. A point to note: I initially tried to install the software on an LXC system, but I failed to install it on that platform. After a couple of tries I found that it was quite impossible to install and bring the system back up.
For an official purpose, I had to build a basic application. But it was not a normal application; it had to be a BIOS app. I can code in C/C++ to some extent, but I did not know how to do it for BIOS. So after many hours, I understood that the easiest way to run it is as shown below. Please note that some basics have already been configured as described in the coreboot documentation.
In this post we will try to understand memory further. From here we will be able to tweak some parameters and obtain more information about how we can assign values into the memory we have allocated, and then access them through a pointer and dereference it. If we look into the code below, we can see that we have mapped a memory location at 0x404000 and called it my memory.
Qiling is an advanced binary emulation framework. It can emulate various types of architectures and can be used to perform advanced operations as well. Below are some of the quick commands which are needed for my tasks.

python module
from qiling import Qiling  # import
from qiling.const import QL_VERBOSE

init
code = b"\x90"
ql = Qiling(code=code, archtype='x86', ostype='Linux', verbose=QL_VERBOSE.DISASM)

register
ql.arch.regs.read("EAX")  # read register
ql.arch.regs.write("EAX", 0xff)  # write register

memory
ql.mem.get_mapinfo()  # get memory related information
ql.
Today we are going to solve a problem which was given to me by my colleague. They wanted to build an infrastructure where every user can register through a portal and upload their public key. When the user tries to log in to the system, the OpenSSH server will execute a Python script (planned to be upgraded to Rust) and generate the appropriate string so that that specific user can access his/her own Linux Container (LXC).