| 2011-07-07 |
Guy Bruneau to teach "Intrusion Detection in-Depth" in September 2011
SANS is pleased to return to Ottawa with one of its most requested courses - SEC503: SANS Intrusion Detection In-Depth from September 26-October 1, 2011. For complete event details please visit http://www.sans.org/ottawa-2011-cs-5. Use the discount code COINS-GB to get an additional 10% Tuition Discount which can be combined with the applicable Early Bird savings.
| 2011-07-07 |
Guy Bruneau has released DNS Sinkhole version 1.2!
More info on DNS Sinkhole is available here http://www.whitehats.ca/main/members/Seeker/seeker_sinkhole/Seeker_DNS_Sinkhole.html
It can be directly downloaded from sinkhole64-bit.iso or sinkhole.iso
| 2011-04-13 |
ASP has requested an update to point out that SANS Ottawa will be taking place from August 28th through September 2nd 2011.
More information on the event can be found at SANS Ottawa 2011 and if you're lucky you may meet the Anonymous Security Professional there!
| 2011-03-06 |
Seeker has posted an updated version of Shadow IDS v7.1
It can be downloaded from 32bit and 64bit.
Documentation is available at 32bit and 64bit.
Thanks Seeker!
| 2010-11-07 |
Malik will be at the SC Expo in Toronto Nov 16-17 2010
If you're attending the conference and exhibit please drop by the Trustwave booth to say hi.
| 2010-11-07 |
Seeker has released a new ISO Image for a DNS Sinkhole.
| 2010-06-04 |
Seeker has released a new ISO Image for a DNS Sinkhole.
| 2010-02-27 |
Jamie French - aka Malik - will be at RSA 2010 in San Francisco. If you're attending the show, please drop by booth 652 and say hi!
| 2009-12-30 |
Seeker (Guy Bruneau) has released an updated version of Shadow IDS Powered by Slackware version 6.4 32bit and also released for the first time Shadow IDS Powered by Slackware version 7.0 64bit. The 32bit version will be updated at a future time to match the latest 64bit release.
Documentation for both the 32-bit and 64-bit versions is available.
Downloads are available at: shadow_v6.4-i386.iso and shadow_v7.0-x86_64.iso
Thanks for the updated version Seeker! Changelog is at http://www.whitehats.ca/downloads/ids/shadow-slack/changelog.txt
| 11-19-09 |
Malik added an article on Drobo testing.
| 10-14-09 |
The server will be undergoing maintenance between 2009-10-16 and 2009-10-19. Sorry for any inconvenience during this time of service disruption.
| 05-13-09 |
Guy Bruneau to teach "Comprehensive Packet Analysis" in September 2009
This SANS course, "Comprehensive Packet Analysis", is designed to give students the skills necessary to decode network traffic with open-source tools available for Unix and Windows systems. Students will learn advanced pcap packet-filtering methods to decode and manipulate network traffic using tcpdump, and will use Wireshark to extract files (pictures, documents, executables, etc.) from data streams for malware recovery, incident response and forensic analysis.
Who should attend this course?
- Incident response analysts, firewall and network administrators looking to learn advanced packet decoding skills
- Analysts looking to learn advanced techniques in packet analysis
- Analysts wanting to learn how to recover and analyze files from packet streams
- Network administrators and operations professionals seeking a deeper understanding of network analysis techniques
For course details and to register, see http://www.sans.org/scdp-ottawa0909/description.php?tid=3402
| 05-13-09 |
Seeker (Guy Bruneau) has released an updated version of Shadow IDS Powered by Slackware version 6.3. Thanks for the updated version Seeker! Changelog is at http://www.whitehats.ca/downloads/ids/shadow-slack/changelog.txt
| 04-20-09 |
Jamie is at the RSA conference. Stop by booth 729 to say hi.
| 04-20-09 |
Adrien de Beaupre will be teaching the SANS course SEC 517, Cutting-Edge Hacking Techniques, June 22-24 2009 in Ottawa. The times will be 1730-2000 Monday-Wednesday at the EWA-Canada office in downtown Ottawa: Suite 1600, 55 Metcalfe St (corner of Queen).
This fast-paced, intermediate-to-advanced course is ideal for students who have taken a multi-day hacking course in the past and are looking to update their understanding and skills.
Visit http://www.sans.org/scdp-ottawa0609/ for more information and to register.
| 01-19-09 |
Guy Bruneau to teach "Comprehensive Packet Analysis" at SANS Toronto in May 2009
This SANS course, "Comprehensive Packet Analysis", is designed to give students the skills necessary to decode network traffic with open-source tools available for Unix and Windows systems. Students will learn advanced pcap packet-filtering methods to decode and manipulate network traffic using tcpdump, and will use Wireshark to extract files (pictures, documents, executables, etc.) from data streams for malware recovery, incident response and forensic analysis.
Who should attend this course?
- Incident response analysts, firewall and network administrators looking to learn advanced packet decoding skills
- Analysts looking to learn advanced techniques in packet analysis
- Analysts wanting to learn how to recover and analyze files from packet streams
- Network administrators and operations professionals seeking a deeper understanding of network analysis techniques
For course details, registration, and the complete list of courses available at SANS Toronto 09, see http://www.sans.org/info/37069
| 08-15-08 |
Seeker has released Shadow IDS Powered by Slackware version 6.2. Thanks Seeker!
| 02-09-08 |
Guy Bruneau to teach "Comprehensive Packet Analysis" at SANS Toronto in May 2008
This SANS course, "Comprehensive Packet Analysis", is designed to give students the skills necessary to decode network traffic with open-source tools available for Unix and Windows systems. Students will learn advanced pcap packet-filtering methods to decode and manipulate network traffic using tcpdump, and will use Wireshark to extract files (pictures, documents, executables, etc.) from data streams for malware recovery, incident response and forensic analysis.
Who should attend this course?
- Incident response analysts, firewall and network administrators looking to learn advanced packet decoding skills
- Analysts looking to learn advanced techniques in packet analysis
- Analysts wanting to learn how to recover and analyze files from packet streams
- Network administrators and operations professionals seeking a deeper understanding of network analysis techniques
For course details and to register: http://www.sans.org/info/23789
See the complete list of courses available at SANS Toronto 08: http://www.sans.org/info/23789
| 01-03-08 |
The Whitehats server will be down for maintenance for a period of time over the weekend of the 5th Jan 2008 and possibly at some point during the week of the 7th Jan 2008. Sorry for any inconvenience in advance.
| 12-20-07 |
Shadow IDS Powered by Slackware Linux 6.1 has been released. Thank you Seeker for your continued contributions.
| 05-29-07 |
Adrien de Beaupre (ASP) would like to announce the availability of the OSSTMM Professional Security Testing (OPST) course in Ottawa again. It will be held 16 to 20 July 2007 at the Preston St location of Cinnabar/Bell Security Solutions. For more information and links please visit ASP's members page.
| 04-17-07 |
Guy Bruneau will be teaching SANS GIAC Security 503: Intrusion Detection In-Depth and Management 421: SANS Leadership and Management Competencies in Toronto May 7-13, 2007. There are many other great courses available. Click here http://www.sans.org/toronto07/ for more details...
Thanks,
Guy
Guy Bruneau, B.A., CD
ISSPCS, GSEC, GCIA, GCIH, GCUX
Senior Security Consultant
ipss Inc.
150 Isabella St., Suite 101
Ottawa, On K1S 1V7
Phone: 613-232-2228 Ext: 225
Cell: 613-851-6222
Fax: 613-231-4888
Toll free: 1-866-532-2207
www.ipss.ca
| 03-25-07 |
Shadow IDS Powered by Slackware Linux 6.0 has been released. Changelog details follow:
Version 6.0 - 25 March 2007
- This is the sixth major release of Shadow IDS Powered by Slackware. This version is based on Slackware 11.0 and Linux kernel 2.6.18 with all the latest packages. The default kernel is for all PCs (SCSI and IDE) and includes SMP support.
- Added support for USB drives.
- Upgraded to MySQL version 5.0.33.
- Upgraded Snort to version 2.6.1.3.
- Upgraded to Oinkmaster 2.0.
- Upgraded p0f to 2.0.8.
- Upgraded to Webmin 1.330.
- Added a Webmin button in the Servers section for NIC bond0 support for Snort. Activate the cards in /etc/rc.d/rc.local.
- Upgraded the DST zoneinfo file to version 2.3.6.
- Upgraded slackupdate.sh to version 0.7.1.
- Added the ntop Network Top monitoring tool. To enable it, edit the /etc/rc.d/rc.local script and enable it at boot.
For additional information on installation and configuration of the various features of the system, please refer to the Shadow_IDS_installation_6.0.pdf file.
| 03-05-06 |
Ubergeek has updated content in his members section with the addition of 'ANALYST WORKING AIDE'.
This Working Aide is primarily focused on Explicit Congestion Notification and is very thorough. An excellent reference and overall refresher for novice and experienced analysts. Thank you Ubergeek!
| 26-04-06 |
Shadow IDS Powered by Slackware Linux 5.4 has been released. Changelog details follow:
Version 5.4 - 16 April 2006
- Upgraded all the system components to Sguil version 0.6.1. This version now includes built-in SSL encryption between the sensor(s) and the database. Follow the install.pdf to set up encryption between the database and the sensors.
- Added two new sections in the Webmin server section: Sguil Reports and the TCP Wrappers configuration utility. The Sguil Reports are done daily from /etc/sguild/incident_report.tcl and dumped in /usr/local/webmin/reports/Sguil_Reports.
- Added two new options in the Webmin server section: Sguil Server Controls and Sguil Sensor Controls, used to configure sensor and server components. These two sections are used to edit config files and restart some of the Sguil services.
- Modified the Shadow fetchem.pl script to provide hourly reports in Webmin under Server Sguil Reports. To configure this additional capability on each sensor, see the install.pdf document to enable this feature and the ShadowFilters.pdf document to understand how to correctly configure the filters. The reports are dumped in /usr/local/webmin/reports/Shadow/external (eth1) and internal (eth2).
- Patched Barnyard with the Sguil TCL patch to use the new Sguil functionality.
- Added a shell script to search through the Sguil pcap log files at the command line. The script is located in the /root account and is called sguil_pcap.sh. Just run it and fill in the blanks.
- Upgraded wget to version 1.10.2.
- Upgraded mysqltcl to version 3.02.
- Upgraded OpenSSH from version 3.9p1 to 4.3p1.
- Upgraded Webmin to version 1.270.
- Upgraded Snort to 2.4.4 because of security issues.
| 09-10-05 |
Shadow IDS Powered by Slackware Linux version 5.2 has been released. Changelog details follow:
Version 5.2 - 3 October 2005
- Upgraded MySQL to version 4.1.13, which fixes numerous bugs.
- Upgraded ngrep to version 1.43.
- Upgraded package util-linux.
- Upgraded Webmin to version 1.230.
- Added numerous Webmin management scripts under the Others/Custom Commands section to assist with the management of the database server and the sensor.
- Upgraded tcpdump to version 3.9.3 due to a security issue with version 3.8.3.
- Upgraded Snort to version 2.4.2. You should check out the release notes at http://www.snort.org/docs/release_notes/release_notes_240.txt, which detail several changes including the frag3 preprocessor. Added support for Phil Woods' MMAPed pcap, which is built directly into Snort. Additional information on MMAPed pcap is available at http://public.lanl.gov/cpw/
- Minor update to the TCP/IP package.
- Included the convert_time binary in /root to convert epoch time to regular computer time.
- Included NIC bonding startup scripts in /etc/rc.d/rc.local for those who would like to use IDS taps, including ifenslave in /sbin.
- Added several scripts in Webmin under Others and Custom Commands. The commands are used to manage the database and Snort.
| 17-05-05 |
Shadow IDS Powered by Slackware Linux version 5.1 has been released. Changelog details follow:
Version 5.1 - 1 May 2005
- Upgraded Webmin to version 1.200. Made a modification for Webmin to see rules that are looking in both directions, such as "alert any any <> any 80". Added several commands under the Custom Commands to manipulate Sguil files and restart the daemon, including testing Snort rules and restarting the Snort services.
- Upgraded Snort to version 2.3.3.
- Added information on how to subscribe and configure oinkmaster to download the VRT Snort Certified Rules updates.
- Enabled the threshold.conf file in the Snort configuration file.
- Added a new Snort Webmin button to edit and configure the Snort threshold configuration file. This file contains several examples of events that can be auto-configured.
- Added a new Sguil button for the Sguil autocat.conf file under the Webmin custom commands tab.
- Added a new script to control the MySQL database, called /etc/rc.d/rc.mysqld.
- Upgraded the /etc/rc.d/rc.K script to ensure it kills all the services associated with Sguil, including MySQL shutdown.
- Upgraded p0f to version 2.0.5.
- Added a script in /root/scripts to optimize the Sguil database daily. The admin needs to add the MySQL root password in the script for this to function properly.