Andrew Hay

November 5, 2009
by Andrew Hay

Configuring a Promiscuous Interface on Ubuntu 9.04

If you’ve got a bad memory (like me) you might some day find yourself searching for a way to configure an interface on your Ubuntu 9.04 system to use as a sniffer interface. Here is how you do it: 1) … Continue reading

October 27, 2009
by Andrew Hay

Installing log2timeline on SIFT – Updated Instructions for Ease of Use

If you use the SANS Investigative Forensic Toolkit (SIFT) Workstation for your forensic analysis you can easily add log2timeline to your VMware guest image. In order to get these files using the wget, yum, and cpan methods you must ensure … Continue reading

November 3, 2006
by Andrew Hay

How to disable 3rd party cookies in Firefox 2.0

Found an interesting blurb on the Mozillazine Forums: You used to be able to set this via the standard user interface pre-2.0 but now you must go to the address bar and type: about:config You can then search for the … Continue reading

October 24, 2006
by Andrew Hay

Malware Analysis: Tools of the Trade

Excellent information gathering by Lorna Hutcheson in this Internet Storm Center Handler’s Diary Entry. From the diary entry: First I want to thank everyone who sent in tools for this endeavor. I hope that this list of tools continues to … Continue reading

September 20, 2006
by Andrew Hay

Exporting NetFlow on Cisco Routers and Switches

A lot more Network Security Monitoring (NSM) products these days (Freeware and Open-source Applications & Commercial Applications) are capable of receiving NetFlow from routing and switching devices. Configuring the export of these flow records is not the most straightforward task … Continue reading

September 18, 2006
by Andrew Hay

HowTo Build a Snort-based NSM

Here is a great step-by-step document for creating a Network Security Management infrastructure using Snort, Apache, SSL, PHP, MySQL, and BASE installed on CentOS 4, RHEL 4 or Fedora Core – with NTOP. Introduction from Patrick Harper, CISSP, RHCT, MCSE: … Continue reading