2012-03-23 Seeker (Guy Bruneau) has released an updated version of Shadow IDS Powered by Slackware. This is version 7.2, available in both 64-bit and 32-bit versions.

Documentation for both the 32-bit and 64-bit versions is available.

Downloads are available at: shadow_v7.2-i586.iso and shadow_v7.2-x86_64.iso

Thanks for the updated version Seeker!
2011-07-07 Guy Bruneau to teach "Intrusion Detection in-Depth" in September 2011

SANS is pleased to return to Ottawa with one of its most requested courses - SEC503: SANS Intrusion Detection In-Depth from September 26-October 1, 2011. For complete event details please visit http://www.sans.org/ottawa-2011-cs-5. Use the discount code COINS-GB to get an additional 10% Tuition Discount which can be combined with the applicable Early Bird savings.
2011-07-07 Guy Bruneau has released DNS Sinkhole version 1.2!

More info on DNS Sinkhole is available here http://www.whitehats.ca/main/members/Seeker/seeker_sinkhole/Seeker_DNS_Sinkhole.html

It can be directly downloaded from sinkhole64-bit.iso or sinkhole.iso
2011-04-13 ASP has requested an update to point out that SANS Ottawa will be taking place from August 28th through September 2nd 2011.

More information on the event can be found at SANS Ottawa 2011 and if you're lucky you may meet the Anonymous Security Professional there!
2011-03-06 Seeker has posted an updated version of Shadow IDS v7.1

It can be downloaded in 32-bit and 64-bit versions.
Documentation is available for the 32-bit and 64-bit versions.

Thanks Seeker!

2010-11-07 Malik will be at the SC Expo in Toronto Nov 16-17 2010
If you're attending the conference and exhibit please drop by the Trustwave booth to say hi.

2010-11-07 Seeker has released a new ISO Image for a DNS Sinkhole.
2010-06-04 Seeker has released a new ISO Image for a DNS Sinkhole.
2010-02-27 Jamie French (aka Malik) will be at RSA 2010 in San Francisco. If you're attending the show, please drop by booth 652 and say hi!
2009-12-30 Seeker (Guy Bruneau) has released an updated version of Shadow IDS Powered by Slackware version 6.4 32-bit and also released for the first time Shadow IDS Powered by Slackware version 7.0 64-bit. The 32-bit version will be updated at a future time to match the latest 64-bit release.

Documentation for both the 32-bit and 64-bit versions is available.

Downloads are available at: shadow_v6.4-i386.iso and shadow_v7.0-x86_64.iso

Thanks for the updated version Seeker! Changelog is at http://www.whitehats.ca/downloads/ids/shadow-slack/changelog.txt
11-19-09 Malik added an article on Drobo testing.
10-14-09 The server will be undergoing maintenance between 2009-10-16 and 2009-10-19. Sorry for any inconvenience during this time of service disruption.
05-13-09 Guy Bruneau to teach "Comprehensive Packet Analysis" in September 2009

This SANS course "Comprehensive Packet Analysis" is designed to give students the skills necessary to decode network traffic with open-source tools available for Unix and Windows systems. The student will learn advanced pcap packet filtering methods to decode and manipulate network traffic using tcpdump, and will use Wireshark to extract files (pictures, documents, executables, etc.) from data streams for malware recovery, incident response and forensic analysis.

Who should attend this course?

  • Incident Response analysts, firewall and network administrators looking to learn advanced packet decoding skills
  • Analysts looking to learn advanced techniques in packet analysis
  • Analysts wanting to learn how to recover and analyze files from packet streams
  • Network administrators and operations professionals seeking a deeper understanding of network analysis techniques

For course details and registration, see http://www.sans.org/scdp-ottawa0909/description.php?tid=3402

05-13-09 Seeker (Guy Bruneau) has released an updated version of Shadow IDS Powered by Slackware version 6.3. Thanks for the updated version Seeker! Changelog is at http://www.whitehats.ca/downloads/ids/shadow-slack/changelog.txt
04-20-09 Jamie is at the RSA conference. Stop by booth 729 to say hi.
04-20-09 Adrien de Beaupre will be teaching the SANS course SEC 517, Cutting-Edge Hacking Techniques, June 22-24 2009 in Ottawa. The times will be 1730-2000 Monday-Wednesday at the EWA-Canada office downtown Ottawa. Suite 1600, 55 Metcalfe St (corner Queen).

This fast-paced, intermediate-to-advanced course is ideal for students who have taken a multi-day hacking course in the past and are looking to update their understanding and skills.

Visit http://www.sans.org/scdp-ottawa0609/ for more information and to register.
01-19-09 Guy Bruneau to teach "Comprehensive Packet Analysis" at SANS Toronto in May 2009

This SANS course "Comprehensive Packet Analysis" is designed to give students the skills necessary to decode network traffic with open-source tools available for Unix and Windows systems. The student will learn advanced pcap packet filtering methods to decode and manipulate network traffic using tcpdump, and will use Wireshark to extract files (pictures, documents, executables, etc.) from data streams for malware recovery, incident response and forensic analysis.

Who should attend this course?

  • Incident Response analysts, firewall and network administrators looking to learn advanced packet decoding skills
  • Analysts looking to learn advanced techniques in packet analysis
  • Analysts wanting to learn how to recover and analyze files from packet streams
  • Network administrators and operations professionals seeking a deeper understanding of network analysis techniques

For course details, registration, and the complete list of courses available at SANS Toronto 09, see http://www.sans.org/info/37069
08-15-08 Seeker has released Shadow IDS Powered by Slackware version 6.2. Thanks Seeker!
02-09-08 Guy Bruneau to teach "Comprehensive Packet Analysis" at SANS Toronto in May 2008

This SANS course "Comprehensive Packet Analysis" is designed to give students the skills necessary to decode network traffic with open-source tools available for Unix and Windows systems. The student will learn advanced pcap packet filtering methods to decode and manipulate network traffic using tcpdump, and will use Wireshark to extract files (pictures, documents, executables, etc.) from data streams for malware recovery, incident response and forensic analysis.

Who should attend this course?

  • Incident Response analysts, firewall and network administrators looking to learn advanced packet decoding skills
  • Analysts looking to learn advanced techniques in packet analysis
  • Analysts wanting to learn how to recover and analyze files from packet streams
  • Network administrators and operations professionals seeking a deeper understanding of network analysis techniques

For course details and registration: http://www.sans.org/info/23789

See the complete list of courses available at SANS Toronto 08: http://www.sans.org/info/23789

01-03-08 The Whitehats server will be down for maintenance for a period of time over the weekend of the 5th Jan 2008 and possibly at some point during the week of the 7th Jan 2008. Sorry for any inconvenience in advance.
12-20-07 Shadow IDS Powered by Slackware Linux 6.1 has been released. Thank you Seeker for your continued contributions.
05-29-07 Adrien de Beaupre (ASP) would like to announce the availability of the OSSTMM Professional Security Testing (OPST) course in Ottawa again. It will be held 16 to 20 July 2007 at the Preston St location of Cinnabar/Bell Security Solutions. For more information and links please visit ASP's members page.
04-17-07 Guy Bruneau will be teaching SANS GIAC Security 503: Intrusion Detection In-Depth and Management 421: SANS Leadership and Management Competencies in Toronto May 7-13, 2007. There are many other great courses available. Click here http://www.sans.org/toronto07/ for more details...

Thanks,

Guy

Guy Bruneau, B.A., CD
ISSPCS, GSEC, GCIA, GCIH, GCUX
Senior Security Consultant
ipss Inc.
150 Isabella St., Suite 101
Ottawa, On K1S 1V7
Phone: 613-232-2228 Ext: 225
Cell: 613-851-6222
Fax: 613-231-4888
Toll free: 1-866-532-2207
www.ipss.ca
03-25-07

Shadow IDS Powered by Slackware Linux 6.0 has been released. Changelog details follow:

Version 6.0 - 25 March 2007

- This is the sixth major release of Shadow IDS Powered by Slackware.
This version is based on Slackware 11.0 and Linux kernel 2.6.18
with all the latest packages. The default kernel is for all PCs
(SCSI and IDE) and includes SMP support.

- Added support for USB drives

- Upgraded to MySQL version 5.0.33.

- Upgraded Snort to version 2.6.1.3

- Upgraded to Oinkmaster 2.0

- Upgraded p0f to 2.0.8

- Upgraded to Webmin 1.330

- Added a Webmin button in the Servers section for NIC bond0 support
for Snort. Activate the cards in /etc/rc.d/rc.local

- Upgraded DST zoneinfo file to version 2.3.6

- Upgraded slackupdate.sh to version 0.7.1

- Added ntop Network Top monitoring tool. To enable, edit
the /etc/rc.d/rc.local script and enable it at boot.

For additional information on installation and configuration of the
various features of the system, please refer to the
Shadow_IDS_installation_6.0.pdf file.

03-05-06 Ubergeek has updated content in his members section with the addition of 'ANALYST WORKING AIDE'.

This Working Aide is primarily focused on Explicit Congestion Notification and is very thorough. An excellent reference and overall refresher for novice and experienced analysts. Thank you Ubergeek!
26-04-06

Shadow IDS Powered by Slackware Linux 5.4 has been released. Changelog details follow:

Version 5.4 - 16 April 2006

- Upgraded all the system components to Sguil version 0.6.1. This
version now includes built-in SSL encryption between the sensor(s)
and the database. Follow the install.pdf to set up encryption
between the database and the sensors.

- Added in the Webmin server section two new sections: Sguil Reports
and TCP Wrappers configuration utility. The Sguil Reports are
done daily from /etc/sguild/incident_report.tcl and dumped in
/usr/local/webmin/reports/Sguil_Reports.

- Added in the Webmin server section two new options: Sguil Server
Controls and Sguil Sensor Controls, used to configure sensor and
server components. These two sections are used to edit config
files and restart some of the Sguil services.

- Modified the Shadow fetchem.pl script to provide hourly reports in
Webmin under Server Sguil Reports. To configure this additional
capability on each sensor, see the install.pdf document to enable
this feature and the ShadowFilters.pdf document to understand how
to correctly configure the filters. The reports are dumped in
/usr/local/webmin/reports/Shadow/external (eth1) and internal (eth2).

- Patched Barnyard with the Sguil TCL patch to use the new Sguil
functionality

- Added a shell script to search through the Sguil pcap log files
at the command line. The script is located in the /root account
and is called sguil_pcap.sh. Just run it and fill in the blanks.

- Upgraded wget to version 1.10.2.

- Upgraded mysqltcl to version 3.02.

- Upgraded OpenSSH from version 3.9p1 to 4.3p1

- Upgraded Webmin to version 1.270

- Upgraded Snort to 2.4.4 because of security issues

09-10-05

Shadow IDS Powered by Slackware Linux version 5.2 has been released. Changelog details follow:

Version 5.2 - 3 October 2005

- Upgraded MySQL to version 4.1.13, which fixes numerous bugs.

- Upgraded ngrep to version 1.43.

- Upgraded package util-linux.

- Upgraded Webmin to version 1.230

- Added numerous Webmin management scripts under the Others/Custom Commands
section to assist with the management of the database server and the sensor.

- Upgraded tcpdump to version 3.9.3 due to a security issue
with version 3.8.3.

- Upgraded Snort to version 2.4.2. You should check out the release
notes at http://www.snort.org/docs/release_notes/release_notes_240.txt
which detail several changes including the frag3 preprocessor. Added
support for Phil Woods' MMAPed pcap, which is built directly into
Snort. Additional information on MMAPed pcap is available at
http://public.lanl.gov/cpw/

- Minor update to the TCP/IP package

- Included the convert_time binary in /root to convert epoch
time to regular computer time.

- Included in /etc/rc.d/rc.local NIC bonding startup scripts for those
who would like to use IDS TAPs, including ifenslave in /sbin

- Added several scripts in Webmin under Others and Custom Commands. The
commands are used to manage the database and Snort.

17-05-05

Shadow IDS Powered by Slackware Linux version 5.1 has been released. Changelog details follow:

Version 5.1 - 1 May 2005

- Upgraded Webmin to version 1.200. Made a modification for
Webmin to see rules that are looking in both directions
such as "alert any any <> any 80". Added several commands
under the Custom Commands to manipulate Sguil files and
restart the daemon, including testing Snort rules and
restarting the Snort services.

- Upgraded Snort to version 2.3.3.

- Added information on how to subscribe and configure
oinkmaster to download the VRT Snort Certified Rules updates.

- Enabled in the Snort configuration file the threshold.conf
file.

- Added a new Snort Webmin button to edit and configure the
Snort threshold configuration file. This file contains
several examples of events that can be auto-configured.

- Added a new Sguil button for the Sguil autocat.conf file
under the Webmin custom commands tab.

- Added a new script to control the MySQL database called
/etc/rc.d/rc.mysqld.

- Upgraded the /etc/rc.d/rc.K script to ensure it kills all
the services associated with Sguil, including MySQL
shutdown.

- Upgraded p0f to version 2.0.5.

- Added a script in /root/scripts to optimize the
Sguil database daily. The admin needs to add the MySQL root password
to the script for this to function properly.


Copyright © 2000-2014 Whitehats.ca
Contact Information 519.221.9132 : Web Contact webmaster@whitehats.ca