Guy Bruneau's Handler Pages


The main purpose of my handler pages is to provide information and updates for some of the projects and presentations I have published here on this site.

Installing Pi-hole Page (Updated 11 March 2019)

My Elastic Projects Page (Updated 23 July 2023)


My Papers & Presentations

DNS Sinkhole Gold Paper (SANS GCIH)
DNS Sinkhole SANSFire Presentation (2011)
Log, Log, Log Everything Remotely (BSides Ottawa 2014)
Tips Tricks To Achieve Ludicrous Speed (RSA Global Summit 2014)
Metadata Is Like Gold, Tips Tricks To Mine It (RSA Charge 2017)
Scripting with RSA NetWitness Console and Automation Via API & SDK (RSA Charge 2019)

Scripts for NetWitness API, SDK & Snort Rules

Note: Before using the netwitness_sdk.sh script, edit it and configure it with the correct IPs, user account and password. I use custom accounts for this. See the RSA Charge 2019 presentation. It requires nwsdk_csv.py.

RSA Charge 2019 Shared netwitness_sdk.sh (Updated Jan 2022) & dnsmeta.sh Script with output example

Snort Rule Parser

This script is used to parse Snort rules for loading on a NetWitness PacketDecoder. See the sans.edu Internet Storm Center article on how to use it, available here. Download the script parsing_snort_sid.sh here.

NetWitness Decoder ASN Custom Feed

To build and load the ASN list into any decoder, follow the instructions at the beginning of the Perl script. Download the zip file, which contains the XML and the Perl script used to build the feed, here.