@coffeewithayman
Last active April 26, 2020 00:20
Learning SecOps At Home

Using Your Home for Security Operations

  1. Get a router that can at least do syslog, and then do more advanced features like DPI, etc.
  2. Get logging set up:
     • Raspberry Pi with syslog on it
     • Local Splunk server (500MB/day free) with the Splunk forwarder installed on the syslog server
     • Sumologic (500MB/day free) with SumoCollector installed on the syslog server

     Note: The reason not to send the logs directly to Splunk/Sumo is:
     • So that they're in a neutral place
     • Forensically sound
     • RAW retention and archiving policy
  3. Install an agent on your home machines and gather logs:
     • Sumologic Collector for MacOS or Windows (easiest)
     • Splunk Agent
     • Osquery
  4. Analyze your logs:
     • Log in to Splunk/Sumo
     • Learn the syntax
     • Search and explore your network: IP addresses, DNS requests, sort by high AND low count (one-offs are interesting), make a map
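
The "sort by high AND low count" idea from step 4, as an added example that is not part of the gist: it parses a few constructed router syslog lines (dnsmasq DNS queries and kernel firewall accepts, both shapes assumed) and reports the most common DNS names and destinations alongside the one-offs, which is the same triage a Splunk or Sumo search does on the Pi's collected logs.

```python
import re
from collections import Counter

# Constructed sample lines (not from the gist), in the shape a home router
# sends when its syslog target is the Raspberry Pi (dnsmasq + firewall).
SAMPLE_SYSLOG = """\
Apr 26 00:10:01 router dnsmasq[812]: query[A] update.example.net from 192.168.1.20
Apr 26 00:10:02 router dnsmasq[812]: query[A] update.example.net from 192.168.1.21
Apr 26 00:10:05 router dnsmasq[812]: query[A] cdn.example.com from 192.168.1.20
Apr 26 00:10:09 router dnsmasq[812]: query[A] odd-host.example.org from 192.168.1.33
Apr 26 00:10:11 router kernel: FW ACCEPT SRC=192.168.1.20 DST=203.0.113.10 DPT=443
Apr 26 00:10:12 router kernel: FW ACCEPT SRC=192.168.1.21 DST=203.0.113.10 DPT=443
Apr 26 00:10:13 router kernel: FW ACCEPT SRC=192.168.1.33 DST=198.51.100.7 DPT=8443
Apr 26 00:10:14 router kernel: FW ACCEPT SRC=192.168.1.20 DST=203.0.113.10 DPT=443
"""

DNS_RE = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)")
FW_RE = re.compile(r"SRC=(\S+) DST=(\S+) DPT=(\d+)")

def parse(lines):
    """Tally DNS names queried and firewall destination ip:port pairs."""
    dns, dst = Counter(), Counter()
    for line in lines:
        m = DNS_RE.search(line)
        if m:
            dns[m.group(1)] += 1
            continue
        m = FW_RE.search(line)
        if m:
            dst[f"{m.group(2)}:{m.group(3)}"] += 1
    return dns, dst

def one_offs(counter):
    """Keys seen exactly once: the low end of a count sort, worth a look."""
    return sorted(k for k, v in counter.items() if v == 1)

def analyze(text=SAMPLE_SYSLOG):
    """High count (what's normal) and low count (what's rare) per field."""
    dns, dst = parse(text.splitlines())
    return {
        "dns_high": dns.most_common(3),
        "dns_one_offs": one_offs(dns),
        "dst_high": dst.most_common(3),
        "dst_one_offs": one_offs(dst),
    }

if __name__ == "__main__":
    for key, value in analyze().items():
        print(f"{key}: {value}")
```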

More Advanced:

  • Collect Netflow data
  • Setup a home DNS server and log DNS queries
  • Setup an AWS or GCP account and learn how to collect logs from there.

Note: Not everything is free on AWS or GCP, beware of additional charges. Contact support if you accidentally go over.
