Lost in Security (and mostly everything else)


Allowed memory size of ‘XXX’ error in Security Onion – Fixed!

Herbie Zimmerman | Published May 14, 2015 | Updated May 15, 2015 | Category: SecurityOnion | 1 comment

So off and on while playing with Security Onion and Squert over the past several months, I have come across the dreaded “PHP Fatal error: Allowed memory size of X bytes exhausted (tried to allocate Y bytes) in /var/www/squert/.inc/callback.php” error when pulling up a full PCAP in either ELSA or…


Umm… What is this on the wife’s laptop?

Herbie Zimmerman | Published April 30, 2015 | Updated February 23, 2016 | Categories: Packet Analysis, SecurityOnion | 0 comments

So last night while playing around with my router trying to get it running as an OpenVPN Server (which was nothing but an all-day, bang-your-head-against-the-wall kind of experience since, from what I can tell from reading multiple sites about Mikrotik, it does not have a solid OpenVPN server package) I noticed this…


15-02-2015 – Sweet Orange infection

Herbie Zimmerman | Published February 15, 2015 | Updated February 23, 2016 | Category: Packet Analysis | 0 comments

So while at work the other day I came across an interesting alert that, thankfully, was not successful. The following is what I got once I got home and was able to run this on my test VM. So let the party begin! The start of the infection chain starts…


Part 3 of 3 : Nice email – Subject: Employee Documents – Internal Use

Herbie Zimmerman | Published January 27, 2015 | Updated January 27, 2015 | Category: Packet Analysis | 0 comments

This is my last post about this particular malicious email that I got in the mail sometime last week. If you have not read the other posts about this email (looks to be in the Dyre malware family), please see part one here and part two here.


Part 2 of 3 : Nice email – Subject: Employee Documents – Internal Use

Herbie Zimmerman | Published January 26, 2015 | Updated January 26, 2015 | Category: Packet Analysis | 0 comments

As the title suggests, this is the continuation of my investigation into a malicious Dyre email that I received a while back. If you did not see my initial post (and mind you, my first blog post about malware analysis), then you can find that here. The other thing that I am…


Part 1 of 3 : Nice email – Subject: Employee Documents – Internal Use

Herbie Zimmerman | Published January 21, 2015 | Updated January 26, 2015 | Category: Packet Analysis | 0 comments

So I figured that it is time that I start putting SO (Security Onion) to good use and start trying to find malware to dissect. So I started going through the SPAM/JUNK mail folders in the different email accounts that I have. After checking several emails, I came across the…


Security Onion and Elsa issues

Herbie Zimmerman | Published November 6, 2014 | Updated January 25, 2015 | Categories: SecurityOnion NSM, SecurityOnion | 0 comments

So the other day while reviewing alerts in Squert I noticed a lot of alerts triggering for 'ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack.' The rule for this is: alert tcp $EXTERNAL_NET [443,465,993,995,25] -> $HOME_NET any (msg:"ET POLICY SSLv3 outbound connection from client vulnerable to POODLE…
