Lost in Security (and mostly everything else)

Part 1 of 3 : Nice email – Subject: Employee Documents – Internal Use

Herbie Zimmerman January 21, 2015 January 26, 2015Packet Analysis 0

So I figured that it is time that I start putting SO (Security Onion) to good use and start trying to find malware to dissect. So I started going through the SPAM/JUNK mail folders in the different email accounts that I have. After checking several emails, I came across the…

Security Onion and Elsa issues

Herbie Zimmerman November 6, 2014 January 25, 2015SecurityOnion 0

So the other day while reviewing alerts in Squert I noticed a lot of alerts triggering for ‘ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack.’ The rule for this is: alert tcp $EXTERNAL_NET [443,465,993,995,25] -> $HOME_NET any (msg:”ET POLICY SSLv3 outbound connection from client vulnerable to POODLE…