Threat Level: green Handler on Duty: Russ McRee

SANS ISC Internet Storm Center



Latest Diaries

froxlor Server Management Portal severe security issue

Published: 2015-07-31
Last Updated: 2015-07-31 17:06:24 UTC
by Russ McRee (Version: 1)

The froxlor Server Management Panel is lightweight server management software. Your Handler on Duty was unaware of froxlor; if diary readers are users, feel free to comment or email regarding your user experience and past security issues.

Per froxlor: 

Due to a severe security issue in the database logging system, we strongly recommend to update your current froxlor installation to 0.9.33.2. We also recommend to remove any content from the /froxlor/logs/ directory.

Download: 0.9.33.2

Note: Gentoo-ebuild and Debian packages are now available.

Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.

Russ McRee | @holisticinfosec

Keywords: froxlor
Cisco Security Advisory: Cisco ASR 1000 (Aggregation Services Routers) Fragmented Packet DOS Vuln: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k
ISC StormCast for Friday, July 31st 2015 http://isc.sans.edu/podcastdetail.html?id=4593

Tech tip: Invoke a system command in R

Published: 2015-07-31
Last Updated: 2015-07-31 00:38:14 UTC
by Russ McRee (Version: 1)

I spend a lot of time using R, the programming language and software environment for statistical computing and graphics. It's incredibly useful for visualization and analysis; consider Data-Driven Security as a great starting point and reference, along with this article, if you're further interested.

One of my recent discoveries (I'm new to R use, a terrible programmer and a worse statistician) is the use of system to invoke the OS command specified. As an example, I love Log Parser and often use it to parse or write out log events to CSV. Once in CSV they can be transformed and analyzed further in so many ways. One of the great things about R is the ability to ingest CSV and apply statistical or visual methods to the data. With system, in two lines I can call Log Parser, pull the Windows security event log, write it to CSV, and create a data frame out of it that I can then do any number of other cool things with. Note: to pull the Windows security event log you need to be running with elevated privilege and need to run R as admin for this example scenario.

In short:

Set a working directory: setwd("D:/coding/R/EventVizWork")
Call Log Parser with system: system('logparser "Select * into security.csv from Security" -i:evt -o:csv')

Statistics:
-----------
Elements processed: 112155
Elements output:    112155
Execution time:     26.80 seconds

Read the results into a data frame: secevtlog <- read.csv("security.csv")
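
The three steps above as one function, as an added example that is not part of the original diary: it uses system2() with an argument vector instead of a single command string, restricts the log name to a fixed list because it is pasted into the query text, and stops if Log Parser exits non-zero or writes no CSV. pull_evtlog and ALLOWED_LOGS are hypothetical names, and logparser is assumed to be on the PATH.

```r
# Added example (not from the original diary). pull_evtlog() and ALLOWED_LOGS
# are hypothetical names; logparser is assumed to be on the PATH.
ALLOWED_LOGS <- c("Security", "System", "Application")

pull_evtlog <- function(log_name, workdir = getwd()) {
  # The log name is pasted into the query text, so accept only known values.
  if (!is.character(log_name) || length(log_name) != 1 ||
      !(log_name %in% ALLOWED_LOGS)) {
    stop("unsupported event log name")
  }
  if (!nzchar(Sys.which("logparser"))) stop("logparser not found on PATH")

  old <- setwd(workdir)
  on.exit(setwd(old), add = TRUE)

  csv <- paste0(tolower(log_name), ".csv")
  if (file.exists(csv)) file.remove(csv)   # never read a stale export

  query <- sprintf("Select * into %s from %s", csv, log_name)
  # system2() takes the arguments as a vector; the query contains spaces,
  # so it is quoted to reach Log Parser as a single argument.
  out <- system2("logparser",
                 args = c(shQuote(query, type = "cmd"), "-i:evt", "-o:csv"),
                 stdout = TRUE, stderr = TRUE)

  # With stdout = TRUE a non-zero exit code comes back as the "status" attribute.
  status <- attr(out, "status")
  if (!is.null(status) && status != 0) {
    stop("logparser exited with status ", status, ":\n",
         paste(out, collapse = "\n"))
  }
  if (!file.exists(csv)) stop("logparser reported success but wrote no ", csv)

  read.csv(csv, stringsAsFactors = FALSE)
}

# Same working directory and log as in the diary; run R elevated for Security.
secevtlog <- pull_evtlog("Security", "D:/coding/R/EventVizWork")
str(secevtlog, list.len = 5)
```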

Tomorrow I'll show you what we can do with it. :-)

Russ McRee | @holisticinfosec

 

 
