Author: andrewtravis

FortiDeceptor for OT Honeypots

I work with a lot of enterprise manufacturing customers and the common challenge is adequately securing Operational Technology (OT) networks. These SCADA, ICS and PLC devices responsible for building products were never designed with security in mind and are an easy target for attackers. They’re also the lifeblood of...

Fortinet SD-WAN Lab Setup

As a Fortinet Systems Engineer, I will often run SD-WAN proof of concepts for my customers and have a need to create solid configs for these as well. To have this always-on lab, I utilized my VMware ESXi server to run two FortiGate VMs as Hubs and connected two...

FortiGate Zero Touch Provisioning (ZTP) & Low Touch Provisioning

Joining Fortinet as a Systems Engineer, I’m 6 months in and one of the coolest ways to deploy a FortiGate firewall is one of the many Zero Touch Provisioning (ZTP) or low touch provisioning methods. I wanted to highlight each of these here to help you plan your rollout!...

GIAC GCFA Preparation

Back in December I took my first forensics course: SANS FOR508. Lo and behold, the following week I would use those skills to perform forensic analysis on an old Solarwinds server not in use (but still impacted by the infected update). Fast forward to now and I passed the...

Suricata Rule Updates on Corelight

We purchased a Corelight AP3000 recently to run Zeek and Suricata and send these logs to our SIEM. This was my first time running Suricata in my environment and I quickly learned that Suricata is only as good as the rules provided to it. Downloading Suricata Rules To download...

Homebrew Temperature Monitoring

I love technology and I love to homebrew. Recently, I converted our old freezer chest to a keezer to store my homebrew kegs and commercial ones I had bought through local craft brewers. I use an Inkbird temperature controller to maintain the perfect temperature for my kegs and an...

Splunk and Azure AD Sign-Ins

We had a need to ingest Azure AD Sign-Ins to our Splunk environment to identify compromised accounts logging in from geographically improbable locations. We use Office365 for Outlook, OneDrive, SharePoint Online, Teams, etc. All of those resources make that Sign-In information very valuable to collect. We could see the...

CISSP Preparation & Exam

I recently ramped up study for my CISSP and just passed this week! In this post, I wanted to detail the resources I used to prepare for the test. Cybrary I used the Cybrary catalog of online courses as my primary method to prepare for the exam. It was...

Palo Alto VM – Multiple IP Addresses for Public Servers

I struggled to figure out how to add multiple IP addresses on the outside of my Palo Alto VM-Series in AWS. I needed to place each server’s public IP address on the Palo Alto and a lot of the guides I read were assuming you’d just do port-forwarding like...

Modern Honey Network & Raspberry Pi

I attended a talk years ago where Duke University was using a robust network of sensors managed via Modern Honey Network. It motivated me to reuse my old Raspberry Pi as a sensor, alerting if anyone was scanning a network looking for live hosts in the reconnaissance phase....