Over the last year, I was introduced to a really cool open-source tool called Guacamole. Pretty funny name, huh? It’s pretty much an HTML5 web-based KVM with a central repository of all RDP, VNC, SSH and Telnet resources. To simplify remote access, I access the Guacamole web app that is hosted on my Ubuntu server. My workstation usually resides on my home network. I try to keep my sandbox, lab and home networks isolated. The Ubuntu server only has access to 3389/SSH into my sandbox and lab networks. Guacamole offers two-factor support… for all you security people out there.

General disclosure: use at your own risk.
What a fun day! Thanks to all who attended my session at the Northern Ohio Security Summit, “TRUE CRIME – the first 48 hours in your network”. It was a packed house!

As promised, here are some resources to enable you to LIGHT up your network.

Link to presentation – TimRoth_ClevelandSecuritySummit10_26

> Interrogating the Network (means to pull data from the network)
Means to enable packet capture – just an example
Application visibility with Netflow (NO FIREROUTER required)
Packet Capture in Cisco Router and Switches
ELK Stack – collection of Netflow with ELK Stack + ElasticFlow

> Collecting the Artifacts (means to collect the data)
An Introduction to Threat Hunting With Zeek (Bro)
Setup Elastiflow (Netflow visual tool for ELK Stack)

Feel free to hit me up on LinkedIn with any questions.