Here goes nothing.
I have been thinking of creating a blog for quite a while, primarily to store and share small tidbits of information I come across as I muddle my way through the world of information security. Most of what I do is on the operational side of the security house. As I experiment with and work in security, I often find myself wishing I could share some of the information and processes I have used.
Most of the information I am sharing is not unique. I anticipate that many of my posts will aggregate information from a number of sources to help me document what, why, and how I did something. Don't forget the 'why', because that is important!
Two examples of posts I have planned:
- Building and configuring a Snort IDS to run inline as a transparent bridge.
- Pulling IP addresses from Bleeding Snort rules and then querying sancp (session data) for matches.