On March 28, 2022, Mandiant published a blog post entitled “Forged in Fire: A Survey of MobileIron Log4Shell Exploitation” that I helped author.
Back in December when CVE-2021-44228 (the Log4j vulnerability) dropped, I analyzed exploitation and post-exploitation attempts. Some of my findings made it directly into the blog post.
Recently my employer, Brigham Young University, presented me with the SAERA Award for accountability and results.
On March 23, 2021, I found myself in a Zoom meeting, which was not out of the ordinary after a year of working from home. This was a broader team meeting called together by the CISO, so I figured it was some type of news or major discussion.
After an introduction to some guests on the call, one of the guests began to say we’re here to recognize someone for their contributions to the university. I immediately thought of several people on the call who are outstanding employees.
Suddenly, I heard my name. Wait, did I really? Yes, I had. Everyone was looking at me. Well, their images seemed to look at me. I was quite surprised and speechless. After some stammering, I thanked my manager who nominated me, those from HR who reviewed and approved the award, and the team for their encouragement and support.
What is the BYU SAERA Award? It is the Staff and Administrative Employee Recognition Award, given to employees who demonstrate the university values (abbreviated CRITERIA) in their work, such as:
- Respect for Sacred Resources
- Exceeding Customer Expectations
- Respect for All Individuals
- Accountability and Results
I was given the award for demonstrating the value of “Accountability and Results” for handling an unexpected and difficult project. Although the award recognizes the specific work I did, it is also an acknowledgement of consistently demonstrating the university values in my work. I am honored to receive this award.
The Bro IDS is great at analyzing network traffic, and it is very capable at detecting and logging the issues it finds in that traffic. It’s amazing that an open-source project has progressed this far. This post covers configuring Bro and running it.
Let’s review what we have covered in part one and part two of this guide:
- Prerequisites for Bro IDS are installed, including:
  - Other needed packages
- OS settings are adjusted, including:
  - Memory/buffer settings
- Bro is compiled
- Plugins are compiled and installed, including:
  - Setcap (which enables some permissions for non-root users)
This section will go into configuring various settings in Bro, then starting Bro. We’ll also explore how to check on the health of Bro.