Consulting & Training for Today's Business
EZ Snort Rules: Find the Truffles, Leave the Dirt: Writing your own Snort IDS rules may seem like a daunting task at first, but it's really not difficult. Learn rule-writing basics and start finding the truffles in your network today!
Open Source Network Security Monitoring With Sguil: Sguil is the de facto reference implementation of the Network Security Monitoring (NSM) methodology. Find out how Sguil can help your IDS analysts do their job faster and more efficiently.
Developing a Security Awareness "Boot Camp": August 2005 feature article by David Bianco for Information Security Magazine. Get your users up to speed without breaking the bank (or going crazy).
Who Do You Trust? October 2003 feature article by David Bianco for Information Security Magazine. Your own people may be your biggest vulnerability. Learn how to deal with the insider threat to your systems.
Mailmon: A wrapper for Dug Song's mailsnarf program to make it easier to capture emails that match any of a series of regular expressions.
Misc bugfixes for PADS on Linux [README]: Patches for PADS 1.2 that fix several bugs on Linux systems.
PADS VLAN patch: Patch to add 802.1Q VLAN tag support to PADS v1.2. Without this, PADS ignores all VLAN traffic.
Tcpflow VLAN patch [README]: Patch to add 802.1Q VLAN tag support to tcpflow v0.21. Without this, tcpflow is unable to process VLAN traffic, and just ignores it.
Tcpxtract VLAN patch: Patch to add 802.1Q VLAN tag support to Tcpxtract 1.0.1. Without this, tcpxtract ignores all packets with VLAN tags, and thus you'll never be able to extract files from the packet captures.