OSSEC will be represented at the 2007 IT Underground Conference, in Warsaw(Poland), where I will be speaking about Log-Based Intrusion Detection (using OSSEC of course). It is going to be a hands on, 1 hour presentation, where everyone will be invited to bring their own laptops and actively participate on it. If you live in Poland (or near by), make sure to attend to lean more about LIDS, OSSEC and log analysis.
Category: Community Contribution
bookmark_borderOSSEC at the “Own the Box” competition
Paul Ziegler (tatsumori) sent me a very interesting e-mail explaining how he used OSSEC to protect his box at the Defcon’s 15 “Øwn the box” competition.
During Defcon15 there was a new kind of contest called the “Øwn the box” competition where anyone who 0wned a box got to take it home. I was over there as a speaker so I thought it might be fun to try defending a box. My box was based on Gentoo-Linux and hardened using various techniques…
So the results were recently published on the DC-Homepage (http://defcon.org/) – and if you look closely there is this line saying “Most evil entry: Tatsumori (Gentoo Hardened with arp poisoning evilness)” The arp-foo was actually done using scapy, but I scripted it as an active response for OSSEC 1.2. So part of my success to survive there (and really make people curse out while hacking) is OSSEC.
It’s great modularity and easy extensibility makes creating kick-ass crazy dedicated solutions so much easier then it was ever before.
He also posted some information at his blog. Very cool stuff Paul!
bookmark_borderCool ossec logo/mascot
James Throgmorton sent to me a very cool mascot that he did for ossec. It is based on the 300 movie and looking pretty good.
I was also playing with IMG2TXT and it is generating some very good ascii-based logos for ossec. Check out one example here.
On a side note, RichM fromEthical Hacker posted a “Quick and dirty tutorial on getting OSSEC, the open source IDS that’s #2 on insecure.org, running on the Business Card ISO of Debian. Now go out there and start keeping an eye on your network.” .. Good stuff!
bookmark_borderSecurity Horizon journal
If you never read (or didn’t know) the Security Horizon journal you are missing on the good stuff. They release their security journal every few months with some interesting articles and their summer 2007 edition was just made available today.
If that wasn’t enough, they have an article about OSSEC, written by Chuck Little, entitled: “OSSEC-HIDS: Documenting my Further Adventures in Intrusion Detection” (on page 20). Excelent read!
bookmark_borderHIDS are from Mars, NIDS are from Venus
Chuck MdMonk wrote a very funny article, HIDS are from Mars, NIDS are from Venus and even found a way to put ossec in the middle as a relationship counselor. Very nice read…
bookmark_borderOSSEC on Network security hacks
I was very pleased to find out that OSSEC was featured on hack 86 – Centrally Monitor the Security Posture of Your Servers (under chapter 8 – Logging) of the Network Security Hacks (2nd edition) book.
I had the opportunity the browse through the contents and it seemed pretty good, although the author used a very old version (0.8) on their examples. Anyway, if you have a Safari account you can check it out online or you can buy the book .. Since he mentions OSSEC, it must be very good 🙂
bookmark_borderOSSEC Presentations at AusCERT/Confidence
During the month of May I went to AusCERT and Confidence to talk about OSSEC (i.e. Log analysis using OSSEC). On both presentations I mentioned LIDS (Log-Based intrusion detection), and provided an overview of the ossec architecture and how to write decoders and rules. If you want to learn a bit more about ossec, take a look at them.
**Note that both presentations are very similar, but the AusCERT one is a bit more organized, so recommended to be read first.OSSEC at AusCERT (Log-based Intrusion detection using OSSEC).OSSEC at Confidence (Log analysis using OSSEC).
Hope you enjoy!
bookmark_borderOSSEC on AusCERT 2007
If anyone is noticing that I am too quiet lately, it is because of looong hours in the plane (first Canada to Poland, now Canada to Australia). Anyway, this week I will be representing OSSEC at AusCERT 2007 and my presentation will be “Log-based Intrusion detection using OSSEC“. If you want to learn more about OSSEC and log analysis, it is a good opportunity.
Btw, if there is any OSSEC user attending the conference, let me know and we can get together and chat somewhere. Specially considering that they reduced my talk to only 35 minutes, I will not be able to talk about everything I wanted…
bookmark_borderOSSEC at CONFIDENCE 2007
OSSEC will be represented at CONFIDENCE 2007 where I will be speaking about Log analysis using ossec. If you live in Poland (or near by), and want to learn a little more about OSSEC, make sure to attend. Some great speakers will be there, including Anton Chuvakin, Richard Bejtlich, etc.
I will make sure to provide a link to the presentation once the conference is over.
bookmark_borderOSSEC Logo chosen!
Our logo/mascot contest has just finished and we have a winner (and a brand new logo)! The Winner is Andres Armeda from Applied Watch with the following design:
We also want to thank all the other designs that were sent to us, and say that they were all great! We really appreciate the contribution.
Check out all the submissions here and the final contest page.
Thanks again everyone!! I want so much a t-shirt out of this logo.. 🙂