Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Hurricane Labs

I've had the pleasure of spending yesterday and today (and I'll be here tomorrow too) at the 2010 CodeMash conference in Sandusky, at the spectacular Kalahari resort (if you've never been here, its way worth it). We attended the "precompiler" presentations yesterday, and have been to 3 presentations so far today. While the conference seems very heavy on the Microsoft and Ruby fronts (almost every presentation has had C# or Ruby code, some of them have had both), there's a lot of good stuff to come away with anyways. For example, the two presentations we attended yesterday discussed test-driven development, something I'd never experienced before. In addition, the presentations both discussed the merits of OOP, specifically when narrowing classes down to one particular function each. This was something I'd encountered before, but never really understood -- why would I w... (more)

Build Your Own Hack Lab

No matter what facet of information security you're in, from being the CISO down to just installing security patches and keeping up to date, there will probably be a point where you need to see the details of a hack. Maybe it's because you need to fingerprint what it does or how it acts on your network. Maybe it's because you need to be able to reproduce it in a penetration test. Either way you look at it, sometimes you just need to test something out. Obviously, this could go one of a few ways. You could execute these hacks on your network. This could lead to potentially bad out... (more)

Sales – Listen to the Customer

Sales – Listen to the Customer By: Matt Yonchak Before you read any further in this post please take five minutes to read this article: Why I Am Leaving Goldman Sachs As an IT security consultant/MSSP/whatever you want to call third-party security provider, the second I started reading that article I immediately began drawing comparisons to the current landscape of IT security companies. Too many times I’m brought into a company to discuss a need that they have that relates to security and I’m confronted with “Well Company X told us to purchase this technology and that would solv... (more)

New Splunk Nagios/Icinga Checks

A few months ago, we released a tool called check_splunk_license to the world (under the GPL at the time, but as of 4/19/2012, alternatively available under the MIT license). Since then, the check was adopted by Luke Harris for use in the Splunk for Nagios app for Splunk. We promised way back when that we’d add additional checking for the expiration of licenses, and now I’m here to tell you we’ve made good on that promise. But there’s more to the update than just expiration monitoring… The reason we originally released check_splunk_license, you may recall, was in direct response... (more)

Ohio LinuxFest 2012 – Reflecting on Fun

Ohio LinuxFest 2012 – Reflecting on Fun By: Dru Streicher Another Ohio LinuxFest has come and gone, yet the level of ingenuity I witness every year never ceases to amaze me. There were two presentations that stood out as the highlights of my weekend. The first presenter, Daniel Thau, demonstrated his new distribution called Bedrock Linux. I’ll admit it, the cynic in me was saying, “great just what we need, another distro.” I thought of all the distributions flying around today and wondered what could be so special about this one. Boy was I wrong! Bedrock Linux is unique: it pull... (more)