Guy Bruneau's Handler Pages

The main purpose of my handler pages is to provide information and updates for the two ISOs (DNS Sinkhole and Snort with Sguil) I have published here on this site.

DNS Sinkhole page

Snort with Sguil page

Installing rockNSM page (Updated 11 June 2019)

Installing Pi-hole Page (Updated 11 March 2019)

Installing Snorpy Page (Published 12 Jan 2019)

My Elastic Projects Page (Updated 23 Feb 2020)

DNS Sinkhole Script updates (26 Sep 2012)

My Papers & Presentations

DNS Sinkhole Gold Paper (SANS GCIH)
Log, Log, Log Everything Remotely (BSides Ottawa 2014)
Tips Tricks To Achieve Ludicrous Speed (RSA Global Summit 2014)
Metadata Is Like Gold, Tips Tricks To Mine It (RSA Charge 2017)
Scripting with RSA NetWitness Console and Automation Via API & SDK (RSA Charge 2019)

Scripts for NetWitness API & SDK

Note: Before using the netwitness_sdk.sh script, edit it to configure the correct IPs, user account and password. I use custom accounts for this; see the RSA Charge 2019 presentation. The script requires nwsdk_csv.py.

RSA Charge 2019 Shared netwitness_sdk.sh & dnsmeta.sh Script with output Example