OSSEC at IT Underground 2007

OSSEC will be represented at the 2007 IT Underground Conference in Warsaw (Poland), where I will be speaking about Log-Based Intrusion Detection (using OSSEC, of course). It is going to be a hands-on, 1 hour presentation, where everyone will be invited to bring their own laptops and actively participate in it. If you live in Poland (or nearby), make sure to attend to learn more about LIDS, OSSEC and log analysis.

OSSEC at the “Own the Box” competition

Paul Ziegler (tatsumori) sent me a very interesting e-mail explaining how he used OSSEC to protect his box at Defcon 15’s “Øwn the box” competition.

During Defcon15 there was a new kind of contest called the “Øwn the box” competition where anyone who 0wned a box got to take it home. I was over there as a speaker so I thought it might be fun to try defending a box. My box was based on Gentoo-Linux and hardened using various techniques…

So the results were recently published on the DC-Homepage (http://defcon.org/) – and if you look closely there is this line saying “Most evil entry: Tatsumori (Gentoo Hardened with arp poisoning evilness)” The arp-foo was actually done using scapy, but I scripted it as an active response for OSSEC 1.2. So part of my success to survive there (and really make people curse out while hacking) is OSSEC.

Its great modularity and easy extensibility make creating kick-ass crazy dedicated solutions so much easier than it ever was before.

He also posted some information on his blog. Very cool stuff Paul!

Cool OSSEC logo/mascot

James Throgmorton sent me a very cool mascot that he made for OSSEC. It is based on the movie 300 and looks pretty good.

OSSEC - 300

I was also playing with IMG2TXT and it is generating some very good ASCII-based logos for OSSEC. Check out one example here.

On a side note, RichM from Ethical Hacker posted a “Quick and dirty tutorial on getting OSSEC, the open source IDS that’s #2 on insecure.org, running on the Business Card ISO of Debian. Now go out there and start keeping an eye on your network.” Good stuff!

Security Horizon journal

If you have never read (or didn’t know about) the Security Horizon journal, you are missing out on some good stuff. They release their security journal every few months with some interesting articles, and their summer 2007 edition was just made available today.

If that wasn’t enough, they have an article about OSSEC, written by Chuck Little, entitled “OSSEC-HIDS: Documenting my Further Adventures in Intrusion Detection” (on page 20). Excellent read!

OSSEC in Network Security Hacks

I was very pleased to find out that OSSEC is featured as hack 86 – Centrally Monitor the Security Posture of Your Servers (under chapter 8 – Logging) of the Network Security Hacks (2nd edition) book.

I had the opportunity to browse through the contents and it seemed pretty good, although the author used a very old version (0.8) in the examples. Anyway, if you have a Safari account you can check it out online, or you can buy the book. Since he mentions OSSEC, it must be very good 🙂

OSSEC Presentations at AusCERT/Confidence

During the month of May I went to AusCERT and Confidence to talk about OSSEC (i.e. log analysis using OSSEC). In both presentations I mentioned LIDS (Log-Based Intrusion Detection), and provided an overview of the OSSEC architecture and how to write decoders and rules. If you want to learn a bit more about OSSEC, take a look at them.

Note that both presentations are very similar, but the AusCERT one is a bit more organized, so I recommend reading it first.

OSSEC at AusCERT (Log-based Intrusion Detection using OSSEC).

OSSEC at Confidence (Log analysis using OSSEC).

Hope you enjoy!

OSSEC at AusCERT 2007

If anyone has noticed that I have been too quiet lately, it is because of looong hours on the plane (first Canada to Poland, now Canada to Australia). Anyway, this week I will be representing OSSEC at AusCERT 2007 and my presentation will be “Log-based Intrusion Detection using OSSEC”. If you want to learn more about OSSEC and log analysis, it is a good opportunity.

Btw, if any OSSEC user is attending the conference, let me know and we can get together and chat somewhere. Especially considering that they reduced my talk to only 35 minutes, I will not be able to talk about everything I wanted…

OSSEC at CONFIDENCE 2007

OSSEC will be represented at CONFIDENCE 2007, where I will be speaking about log analysis using OSSEC. If you live in Poland (or nearby) and want to learn a little more about OSSEC, make sure to attend. Some great speakers will be there, including Anton Chuvakin, Richard Bejtlich, etc.

I will make sure to provide a link to the presentation once the conference is over.

OSSEC Logo chosen!

Our logo/mascot contest has just finished and we have a winner (and a brand new logo)! The winner is Andres Armeda from Applied Watch, with the following design:

We also want to thank everyone for all the other designs that were sent to us, and say that they were all great! We really appreciate the contributions.

Check out all the submissions here and the final contest page.

Thanks again everyone!! I really want a t-shirt with this logo.. 🙂