Gathering Windows, PowerShell and Sysmon Events with Winlogbeat – ELK 7 – Windows Server 2016 (Part II)

In part I of this series, Installing ELK 7 (Elasticsearch, Logstash and Kibana) on Windows Server 2016, I covered the following: Installing and configuring Elasticsearch, Logstash, and Kibana as Windows services Installing and configuring Winlogbeat to forward logs from the Continue reading

Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I)

I am a huge fan of the Elastic stack as it can provide a great deal of visibility into even the largest of environments, which can help enable both engineering and security teams rapidly triage technical issues or incidents at Continue reading

Home Lab Setup (2017)

In this post and video I give a quick run down of my Home Lab – everything from the rack itself, to the hardware and the basics of what everything is being used for. I started this project towards the Continue reading

ELK Stack Pt. 2: Collecting logs from remote servers via Beats

In one of my recent posts, Installing Elasticsearch, Logstash and Kibana (ELK) on Windows Server 2012 R2, I explained how to setup and install an ELK server but it was only collecting logs from itself. That in itself isn’t very Continue reading

Disabling TLS 1.0 with MS SQL 2012/2014 – Services won’t start & SSMS fails to connect

Update – 2.1.2016 – I would really only use this as a last resort and I highly recommend testing this solution prior to putting it into production. At this time it does not appear that all of SQL’s features fully Continue reading

Fix the obsolete cryptography warning in Chrome on IIS 7 & 8

Update – 2.2.2016 – The ciphers originally listed in this post no longer work to fix the obsolete cryptography warning as Google has upped the requirement from DHE with AES_128_GCM to ECDHE with AES_128_GCM or CHACHA20_POLY1305. The only ciphers we Continue reading

IIS 7/7.5 Hardening SSL TLS – Windows Server 2008 R2

     One of the first steps you should do when deploying a new public facing web server is hardening your server’s SSL/TLS connections. Disabling vulnerable protocols, ciphers, hashes and key exchange algorithms can help mitigate the now more common exploits like Continue reading