ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã‚’パワーアップã•ã›ãŸã€‚ - birabiraã®ã‚ã‚‚
AWSã®LightSailãŒå°‘ã—安ããªã£ã¦ã„ãŸã€‚ RAM 1Gã§ã‚‚$5ãªã®ã§ã¨ã¦ã‚‚ãŠã™ã™ã‚。 å‰å›žã®ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã¯RAM 500Mã§åˆ¶é™ãŒã¨ã¦ã‚‚多ã‹ã£ãŸã®ã§ã„ã£ãã®ã“ã¨æœ€åˆã‹ã‚‰ä½œã‚Šç›´ã—ãŸã€‚ 作るã®ã«4æ—¥ãらã„ã‹ã‹ã£ãŸã€‚ãã®ä»£ã‚ã‚ŠSystemdã‚„rsyslogã¨ã‹è‹¥å¹²ã‚ã‹ã‚‹ã‚ˆã†ã«ãªã£ãŸã€‚ã†ã‚Œã—ã„。 便宜上ã€suricataã¨ufwã‚‚ãƒãƒ‹ãƒã£ã¦ã“ã¨ã«ã—ã¦ã‚‹ã‘ã©è¨±ã—ã¦ãã ã•ã„ãªã€‚ æ§‹æˆ AWSã®VPSã«å„ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆç‰ã‚’è¨ç½®ã—ã¦ã€ãれらをS3ã«ã„ã£ãŸã‚“アップãƒãƒ¼ãƒ‰ã€‚ 自宅ã®PCã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ãŸELKã«ã¦ãƒã‚°ã‚’åŽé›†ã—ã¦åˆ†æžã™ã‚‹ã€‚ å‰å›žã¨æ¯”ã¹ã¦ufwã¨dionaeaãŒè¿½åŠ ã•ã‚ŒãŸã€‚ 使用ã—ãŸã‚‚ã® Suricata IDSã¨ã—ã¦å‹•ä½œã€‚ アクセスを一般的ãªã‚·ã‚°ãƒãƒãƒ£ã«ãƒžãƒƒãƒã•ã›ã‚‹ã“ã¨ã§ã©ã®ã‚ˆã†ãªæ”»æ’ƒãŒæ¥ãŸã‹ã‚’パッã¨ã§åˆ¤æ–ã§ãる。 Dionaea 様々ãªãƒãƒ¼ãƒˆã«å¯¾ã™ã‚‹ã‚¢ã‚¯ã‚»ã‚¹ã‚’ã‚ャプãƒãƒ£ã§ãã‚‹ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆ
blog.b-son.net
雑記系ブãƒã‚°ã€‚ã‚»ã‚ュリティã¨ã‹ã€ãƒžã‚¤ãƒ«ã¨ã‹ã€æŠ•è³‡ã¨ã‹ã€ã€ã€ / Miscellaneous Blogs. Security, miles, investments, etc ã“ã®ãŸã³ã€å¼Šç¤¾ã‚µãƒ¼ãƒ“ス「Schoo for Business(以下「本サービスã€ï¼‰ã«ãŠãã¾ã—ã¦ã€å¼Šç¤¾ã®ãŠå®¢æ§˜ã®å€‹äººãƒ‡ãƒ¼ã‚¿ãŒã€ç‰¹å®šæ¡ä»¶ä¸‹ã«ãŠã‘ã‚‹ãŠå®¢æ§˜é–“ã§é–²è¦§å¯èƒ½ãªçŠ¶æ…‹ã«ã‚ã‚Šã€ã“ã‚Œã«ã‚ˆã‚Šå€‹äººãƒ‡ãƒ¼ã‚¿ï¼ˆä¸»ã«æ‰€å±žä¼šç¤¾å・æ°å)ãŒæ¼ãˆã„ã—ã¦ã„ãŸã“ã¨ãŒåˆ¤æ˜Žã„ãŸã—ã¾ã—ãŸã€‚ãŠå®¢æ§˜ã«ã¯å¤§å¤‰ã”心é…ã‚’ãŠã‹ã‘ã™ã‚‹äº‹æ…‹ã¨ãªã‚Šã¾ã—ãŸã“ã¨ã‚’æ·±ããŠè©«ã³ç”³ã—上ã’ã¾ã™ã€‚ 本事案ã«ä¿‚ã‚‹ç¾æ™‚点ã®èª¿æŸ»çµæžœã«ã¤ã„ã¦ã€ä»¥ä¸‹ã®ã¨ãŠã‚Šã”å ±å‘Šç”³ã—上ã’ã¾ã™ã€‚ ãªãŠã€ç¾æ™‚点ã§ã¯ã€æœ¬ä»¶ã«ã‹ã‹ã‚‹æ¥ç¸¾äºˆæƒ³ã®å¤‰æ›´ã¯ã”ã–ã„ã¾ã›ã‚“。今後開示ã™ã¹ãäº‹é …ãŒç™ºç”Ÿã—ãŸå ´åˆã«ã¯é€Ÿã‚„ã‹ã«ãŠçŸ¥ã‚‰ã›ã„ãŸã—ã¾ã™ã€‚ 1. 本件ã®æ¦‚è¦æœ¬ã‚µãƒ¼ãƒ“スã«ã¦é›†åˆå¦ç¿’機能*1ã‚’ã”利用ã„ãŸã ãéš›ã€2020å¹´3月30日~2
クラウドãƒã‚¤ãƒ†ã‚£ãƒ–ãªãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã‚’AWS上ã«ä½œã£ã¦ã¿ãŸè©± - ã‚ã‚‹ç ”ç©¶è€…ã®æ‰‹è¨˜
TL;DR AWSã®ãƒžãƒãƒ¼ã‚¸ãƒ‰ã‚µãƒ¼ãƒ“スを活用ã—ã¦ä½Žã‚¤ãƒ³ã‚¿ãƒ©ã‚¯ã‚·ãƒ§ãƒ³åž‹ã®ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆç’°å¢ƒã‚’作ã£ãŸ コストも月々約$15ã§é‹ç”¨å¯èƒ½ コマンド3回ãらã„ã§èª°ã§ã‚‚デプãƒã‚¤ã§ãるよã†ã«ãªã£ã¦ã„ã‚‹ã®ã§èˆˆå‘³ãŒã‚ã‚Œã°ä½¿ã£ã¦ã¿ã¦ãれよ㪠背景 AWSã«ç½®ã低インタラクション型ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆï¼ˆsynã«å¯¾ã—ã¦synackã ã‘è¿”ã—ã¦å¾Œã¯é€ã‚‰ã‚Œã¦ãる通信を監視ã™ã‚‹ã‚„ã¤ï¼‰ã€ä»Šãªã‚‰ã‚·ãƒ£ã‚ッã¨ã‚¹ãƒ‘ッã¨å®Ÿè£…ã§ãã‚‹ã‚“ã ã‚ã†ãªã‚ã‚ã‚ã¨éŽåŽ»ã®ã‚¯ã‚½å®Ÿè£…ã‚’æ€ã„出ã—ã¦æ‚¶çµ¶ã—ã¦ã‚‹â€” Masayoshi MIZUTANI (@m_mizutani) 2019å¹´2月1æ—¥ ã¨ã„ã†æ„Ÿã˜ã§æ˜”クラウド上ã§é‹ç”¨ã—ã¦ã„ãŸãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã®ã“ã¨ã‚’ãµã¨æ€ã„出ã—ãŸã®ã§ã™ãŒã€ä»•äº‹ã§å¤šå°‘AWSã®ã‚µãƒ¼ãƒ“スをç†è§£ã—ãŸä»Šã ã£ãŸã‚‰ã‚‚ã†ã¡ã‚‡ã£ã¨ã¾ã¨ã‚‚ã«å®Ÿè£…ã§ããã†ã よãªãã€å®Ÿè£…ã™ã‚‹ãªã‚‰ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã§å®Œçµã™ã‚‹ã‚“ã˜ã‚ƒãªãã¦ã‚¯ãƒ©ã‚¦ãƒ‰ã®ãƒžãƒãƒ¼ã‚¸ãƒ‰ã‚µãƒ¼ãƒ“スã¡ã‚ƒã‚“ã¨ä½¿ã£ã¦æ¶ˆè€—ã—ãªã„作りã«ã—
EC2上ã«ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã‚’è¨ç½®ã—ã¦Kibanaã§åˆ†æžã§ãるよã†ã«ã™ã‚‹ (lurker + fluentd + elasticsearch + kibana) - Qiita
æ¦‚è¦ å‚™å¿˜éŒ²ã‚’å…¼ãã¦AWS上ã®EC2ã«ä½Žã‚¤ãƒ³ã‚¿ãƒ©ã‚¯ã‚·ãƒ§ãƒ³åž‹ã®ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆï¼ˆå®Ÿéš›ã«ä¾µå…¥ãªã©ã¯ã•ã›ãšã«æ”»æ’ƒãƒ‡ãƒ¼ã‚¿ã®åŽé›†ã‚’ã™ã‚‹ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆï¼‰ã®æ§‹ç¯‰æ–¹æ³•ã‚’ã¾ã¨ã‚ã¾ã™ã€‚構æˆã¨ã—ã¦ã¯ä»¥ä¸‹ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚ 最åˆã€ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã‚’é‹ç”¨ã—ã¦ã„ãŸæ™‚ã¯ã„ã¡ã„ã¡ã‚¹ã‚¯ãƒªãƒ—トを書ã„ã¦ã„ã‚ã„ã‚調ã¹ã¦ã„ã¾ã—ãŸãŒã€ã„ã„åŠ æ¸›é¢å€’ãã•ããªã£ã¦ããŸã®ã§ã‚ã‚Šã‚‚ã®ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ã¨ã—ã¦Kibanaを使ã†ã“ã¨ã«ã—ã¾ã—ãŸã€‚ インスタンスã¯ã‚„や特殊ãªæ§‹æˆã§ã€ãƒžãƒãƒ¼ã‚¸ãƒ¡ãƒ³ãƒˆã¨ã—ã¦ä½¿ã†ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆNICã®eth0ã®ä»–ã«ã€è¦³æ¸¬ç”¨ã®NIC(eth1)ã¨ã‚°ãƒãƒ¼ãƒãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’è¿½åŠ ã—ã¦è¦³æ¸¬ãƒ‡ãƒ¼ã‚¿ã«ä½™è¨ˆãªãƒ‡ãƒ¼ã‚¿ã‚’æ··ãœãªã„よã†ã«ã—ã¾ã™ã€‚eth1ã«ã¯IPアドレスã¯å‰²ã‚Šå½“ã¦ãšã€OSã¯ä¸€åˆ‡ã®å¿œç”ã‚’ã—ã¾ã›ã‚“ãŒã€ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ãŒé©åˆ‡ã«ARPã‚„TCPã®å¿œç”ãªã©ã‚’è¿”ã™ã“ã¨ã«ã‚ˆã£ã¦è¿½åŠ ã§å‰²ã‚Šå½“ã¦ãŸã‚°ãƒãƒ¼ãƒãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã«å¯¾ã™ã‚‹æ”»æ’ƒã‚’ã‚ャプãƒãƒ£ã—ã¾ã™ã€‚ ãƒã‚°ãƒ‡ãƒ¼ã‚¿ã¯f
クラウドãƒã‚¤ãƒ†ã‚£ãƒ–ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆ on AWS 2022春ã®é™£
å‰å›žã®ã‚らã™ã˜ 3å¹´ã»ã©å‰ã«AWS上ã«ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆç’°å¢ƒã‚’作æˆã—ã¾ã—ãŸã€‚ 大雑把ã«èª¬æ˜Žã™ã‚‹ã¨ã€ï¼ˆä¸»ã«ï¼‰AWSã®EC2インスタンスã‚ã¦ã«ã©ã®ã‚ˆã†ãªexploitãŒé£›ã‚“ã§ãã‚‹ã®ã‹ï¼Ÿã¨ã„ã†ã®ã‚’知るãŸã‚ã«ã€ EC2インスタンスã«ç®¡ç†ç”¨ã€ãŠã‚ˆã³è¦³æ¸¬ç”¨ã®Elastic IP addressã‚’è¨å®šã—ã€ãã“ã§ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã‚’å‹•ã‹ã™ ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã§å–å¾—ã—ãŸç”Ÿãƒ‡ãƒ¼ã‚¿ï¼ˆpcap)をS3ã«ä¿å˜ã—ã€Lambdaã§åˆ†æžã™ã‚‹ 分æžçµæžœã¯ CloudWatch Logs Insights ã§é–²è¦§ã§ãるよã†ã«ã™ã‚‹ ã¨ã„ã†æ§‹æˆã«ã—ã¦ã„ã¾ã—ãŸã€‚ã“ã‚Œã¯ã“ã‚Œã§ãƒžãƒãƒ¼ã‚¸ãƒ‰ã‚µãƒ¼ãƒ“スを使ã£ãŸé¢ç™½ã„構æˆã ã£ãŸã¨å½“時ã¯æ€ã£ã¦ã„ãŸã®ã§ã™ãŒã€å®Ÿéš›ã«å‹•ã‹ã—ã¦ã¿ã‚‹ã¨ã„ãã¤ã‹ã®èª²é¡ŒãŒã‚ã‚Šã€æœ€çµ‚çš„ã«ã¯é‹ç”¨ã‚’æ¢ã‚ã¦ã—ã¾ã„ã¾ã—ãŸã€‚ å‰å›žã®èª²é¡Œ 1) Elastic IP addressã®åˆ¶é™ã§ã‚¹ã‚±ãƒ¼ãƒ«ã—ã«ãã„ EC2ã¯è‡ªå‰ã§2ã¤ä»¥ä¸Šã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - tillmannw/honeytrap: a low-interaction honeypot
GitHub - ivre/masscanned: Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.
GitHub - bartnv/portlurker: Port listener / honeypot in Rust with protocol guessing and safe string display
Low Interaction Honeypots with Python · ./own.sh
GitHub - joeylane/honeypot.py: A simple low interaction honeypot written in Python.
GitHub - StefanGrimminck/zgrab2-configurations: A repository for possible zgrab2 configurations
VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY - Best Independent Bug Bounty Programs, Responsible Disclosure & Vulnerability Coordination Platform - INDEX
Threat Encyclopedia | FortiGuard Labs
GitHub - idealeer/xmap: XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
Monitoring Certificate Transparency Logs Using the Elastic Stack
GitHub - jonticknor/ElasticPhish: Proof-of-concept for phishing intelligence in Elastic
GitHub - marcelog/logger_logstash_backend: Logstash backend for the Elixir Logger
GitHub - edepree/certstream-elk-ingestor: A transport script for moving data from a certstream server to Elasticsearch instance.
{{#tags}}- {{label}}
{{/tags}}