I really love using the ELK stack for multiple things and projects, mainly centred on security. But in order to use ELK one of the main requisites is to deploy an Elasticsearch cluster. In this guide, I will explain how to deploy, configure and secure your cluster. Also, it is necessary to say that this guide is written for Elasticsearch 7.2.

I am choosing the 7.2 version because is the version used in the Elastic Certified Engineer exam, and I am planning to take that exam. So without further delay let’s start to deploy and configure our cluster.

Download Elastic

First of…

Incredible open-source software trading

Last few years I have been trading cryptocurrencies and as a computer scientist, I always been interested in automated trading bots. I have read some stories and saw some videos about this topic. So I decided to try this technology. But first of all, a little advise, I am not an investment expert so be aware of the risk of trading. Do not gamble with money you are not willing to lose. After this little introduction, let's see how we can start with automated trading.

Do not reinvent the wheel

Every time I am thinking about a new software project, I…

Setting up your own mobile penetration lab

Recently I was hired to give a course about mobile security. Apart from the
OWASP Mobile Top 10, one of the basics for performing mobile or app penetration testing is to have Lab.

In this guide, I will explain the basics to set up an Android mobile pentesting lab. iOS apps are also susceptible to analysis but it is more accessible to set up an Android lab. Probably in the future, I will write a guide about how to set up and iOS mobile pentesting lab. Anyway, let’s start!!

In order to set…

Setting up a quick WiFi MITM scenario using berate_ap + mitmproxy

Since I started to work, around the end of 2013, I always find interesting WiFi security. Along all these years I tested several tools for performing WiFi security attacks, and each tool has its strength and weaknesses. One attack I always like to perform, teaching some classes or performing certain audit exercises, is a MITM WiFi attack. So here is a little tutorial about how to set up a MITM scenario using berate_ap and mitmproxy.

A little introduction to WiFi security

But before entering with the setup I think is better to explain some basic…

Last week a CTF event organized by the Spanish Guardia Civil was organized, the II NATIONAL CYBERLEAGUE GC. This challenge is oriented to students, due to that reason I could not participate. But I have I friend who participate, He knows I love forensic challenges so He sent me one of the challenges that were part of the competition. Their team did not manage to solve this challenge so let’s see what was about and how to solve it.

Evidence

There are two files:

• container
• snap.vmem

If you have played other CTF challenges this seems a little obvious but let it…

Last week I released torrentMonitor publicly and I have been using it for tracking Disney+ Mulan downloads. Disney Mulan is being exclusively streamed in Disney+ and a lot of users are avoiding paying Disney to see the movie.

From the 18th of November until the 30th of November I have been tracking the three most popular torrents sharing Mulan. All the data collected has been saved into an elasticsearch cluster for further analysis. I obtained more than 50 thousands unique IPs in twelve days. …

Python and elasticsearch for torrent tracking

A few weeks ago I read a news about how new Disney’s Mulan has become one of the most pirated films in all history. The previous article presented some stats about user downloads, and I always thought about doing something similar. So let’s see how we can create our tracker system.

BitTorrent protocol

Nowadays direct downloads seem to be a thing of the past and the most popular option for download content is the BitTorrent network. BitTorrent has been evolving since its initial release in 2001 and their DHT usage made almost impossible to forbid access…

Secure monitoring of networks using ELK stack, Packetbeat and Suricata

If you want to secure a network segmentation it is not the only thing that you need. We are now facing companies with multiple devices that need to be protected. Nowadays it is absolutely necessary to monitor your network and devices, every organization should collect all the possible security information about their devices and networks. If you do not monitor your network or devices, how will you be able to detect what is normal behaviour or an attack? There are obvious malicious attacks but earlier detection is crucial in any…