markofu’s blog

So if you're unlucky enough to follow me on Twitter, you'll have seen that I had a conundrum with my presentation at IrissCon :) After a little work yesterday morning, during IrissCon, I tweaked the presentation and reduced the number of slides and successfully tested my "Security Onion in EC2" demo over the hotel wifi. I even managed to show a few others what I was going to do and received good feedback :) To add to my preparation, during lunch I hooked up my laptop to the main screen in the conference and everything looked sweet, even the "live" demo ( @BrianHonan took some nice pictures also). I was so relaxed this year in comparison to previous years (I only had a 30 minute talk to do, right). Looking at Jason and the Honeyn3t lads (organisers of the CTF this year) , I recognised the bloodshot eyes and I could see the amount of stunning work that they had done (the world map of domination was simply awesome).  My relaxation was commented upon...

So firstly, this quick blog post is for Scott Runnels as he asked for it, I suppose that's what you get for saying you'll help out on an open source project :) All good! I'd a spare Dell netbook (8gb disk, 2gb ram & 1.6gb Intel Atom CPU) lying around so I figured I'd see if I could try running Security Onion off it.

This is a question, I've frequently been asked in recent years and in the last month, o n one of the internal mailing lists, in my old company, the following question was posted – In simple terms, what tasks is a Web Application Firewall (WAF) able to do that a Deep Inspection Firewall can't and why ? by one of my colleagues. Many of you may be surprised (I know I was initially) but this question still comes up an awful lot. Having answered the email (as a warning, I went into a lot of detail and plugged the awesome Security Onion ), I was requested to write a technical blog on the subject, but as I left the company soon after, the blog was never published. Therefore, to save me answering the question again, I thought I’d publish it so I can just reference the link in future J

So, as many folks know, I went to Orlando towards the end of March to attempt the GSE lab. Both before and afterwards, I received several questions about the GSE :) Therefore, instead of destroying my fingers and typing multiple individual respones, I figured I'd write a short blog on my experiences with the lab section, whilst my thoughts on the written section can be found here . Apologies, this post started off short. Firstly, let me say, that once I overcome the initial nerves (I was bricking it on the first morning), I had a great time. @Chris_Mohan and @asho_relaxo both told me that I'd have fun but I didn't believe them (in fairness, they're not trustworthy characters). Most folk enjoy the first day the most, but I loved the second morning, it was a blast, especially when you come back to that problem that you couldn't figure out and then you nail it :)