Palo Alto MineMeld Example Configuration

MineMeld is an “extensible Threat Intelligence processing framework and the ‘multi-tool’ of threat indicator feeds. Based on an extremely flexible engine, MineMeld can be used to collect, aggregate and filter indicators from a variety of sources and make them available for consumption to peers or to the Palo Alto Networks security platforms.”

It was recently open-sourced by Palo Alto and can be found on Github.

Continue reading Palo Alto MineMeld Example Configuration

Ruckus SNMP Active Users and Bandwidth Utilisation

In this post I will briefly go through the steps needed to configure your SNMP monitoring tool to get active user statistics from your Ruckus ZoneDirector. You can then use this data to map against another metric like bandwidth utilisation or anything else you might find useful in your environment.

In my set-up I have a Ruckus ZoneDirector 3000. I used PRTG as the SNMP monitoring software but any will do.

Continue reading Ruckus SNMP Active Users and Bandwidth Utilisation

Reverse SSH Tunnelling over SSL with the Raspberry Pi

In this blog I will go through the steps necessary to set-up an automatic reverse SSH tunnel between a client machine sitting in a restricted environment and a server that you control in your home/office/cloud. The reverse SSH tunnel will be encapsulated within a SSL tunnel over port 443 to evade network security appliances/firewalls.

Continue reading Reverse SSH Tunnelling over SSL with the Raspberry Pi

Random Password Generator in PowerShell

Here is a quick and dirty PowerShell script that you can use to generate pseudo-random passwords using dictionary words, numbers and special characters.

This kind of script is good for environments such as schools and universities where mass-enrolment is quite common before the start of the academic year.

You can incorporate the function in your own script or come up with something new.

Credit goes to setgetgo.com for making the random word generator API available for public use.

The code is available on my GitHub page and is a good place to check for the latest iteration of code as well as some examples. Below is the code as of 14/06/2016

<#
	.SYNOPSIS
		Generate a random password
	
	.DESCRIPTION
		Uses the setgetgo.com random word API to generate random words. A random number and special character is then appended
	
	.PARAMETER numberOfPasswords
		Number of passwords to generate. Default is 1.
	
	.PARAMETER wordLength
		Word length. Default is 8.
	
	.PARAMETER allowedSpecialCharacters
		Special characters that are allowed to be appended to the password. Default is ! * and ?
		If defining your own, use the format:
		Generate-Password -allowedSpecialCharacters "!","?",",","/"
	
	.PARAMETER maximumNumber
		Default number to append to word will be between 0 and 999.
	
	.EXAMPLE
		PS C:\> Generate-Password
		This will generate a random 8 character word, append a number between 0 and 999 and finally append a special character.
	
	.NOTES
		Additional information about the function.
#>
function Generate-Password
{
	[CmdletBinding()]
	[OutputType([string])]
	param
	(
		[Parameter(Mandatory = $false)]
		[int]$numberOfPasswords = 1,
		[Parameter(Mandatory = $false)]
		[int]$wordLength = 8,
		[Parameter(Mandatory = $false)]
		$allowedSpecialCharacters = @('!', '*', '?'),
		[Parameter(Mandatory = $false)]
		[int]$maximumNumber = 999
	)
	
	for ($i = 1; $i -le $numberOfPasswords; $i++)
	{
		$randomWord = Invoke-WebRequest -URI http://randomword.setgetgo.com/get.php?len=$wordLength
		$randomNumber = Get-Random -Maximum $maximumNumber
		$randomSpecialCharacter = $allowedSpecialCharacters | Get-Random
		Write-Output "$($randomWord.content)$randomNumber$randomSpecialCharacter"
	}
}

Office 365 Quarantine Tool

If you find yourself using the Office 365 (Exchange Online) e-mail quarantine often then you probably know how frustrating and slow it can be to quickly find and release quarantined items. Often times you’ll find yourself waiting for a few minutes only to realise it’s not doing anything. Then you have to refresh the page and re-enter your search criteria. The fact you can’t even wildcard searches is also unforgivable (it’s 2016 Microsoft, why can we not wildcard search the subject and sender fields?!)

This annoyance coupled with my eagerness to play with PowerShell led me to develop a quick and dirty quarantine tool or viewer if you like. The tool is quite basic but it will let you do the following:

  • Wildcard search the subject and sender fields
  • Configure the number of results to return
  • Release a message based on message ID

2016-06-07 20_17_07-Office 365 Quarantine Tool v012016-06-07 20_19_19-Office 365 Quarantine Tool v01
If you want to have a play with the tool, it’s on my GitHub along with the source code if you feel like suggesting some improvements.