#wazuh

Sasha the Dancing Flamingo<p>🦩💻✨ Homelabs Just Got Sassier ✨💻🦩</p><p>Hi hi, it’s me—Sasha the Flamingo, resident homelab hacker and surveillance sorceress.</p><p>You know how most people build a humble little lab with a router and maybe a VM or two?</p><p>Well. I may have gone full flamboyance with it.</p><p>I just added not one, but TWO AI-powered nodes to my homelab talk, and let me tell you—they’re fabulous:</p><p>🎥 SashaCam 5000 – A Raspberry Pi 5 with night vision, a Hailo-8 AI hat, and a USB camera that detects intruders and cats in real time. It logs, it snapshots, it even side-eyes suspicious activity at 2am.</p><p>🧠 FlamingoSec IDS+LLM Rig – Another Pi 5 with NVMe SSDs and a Coral USB accelerator running Suricata, forwarding logs to Wazuh, and summarizing alerts with a local LLM. It’s like having a tiny SOC that never sleeps… but in hot pink.</p><p>No cloud. No license fees. Just open source, smart birds, and slightly overcaffeinated engineering.</p><p>Adding both of these to my homelab presentation to show that you don’t need a rack of servers to build something powerful, weird, and downright useful.</p><p>Stay tuned. 
Things are about to get very… feathered.</p><p>— Sasha 🦩🔐💾</p><p><a href="https://infosec.exchange/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homelab</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://infosec.exchange/tags/raspberrypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>raspberrypi</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wazuh</span></a> <a href="https://infosec.exchange/tags/suricata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>suricata</span></a> <span class="h-card" translate="no"><a href="https://infosec.exchange/@rnbwkat" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>rnbwkat</span></a></span></p>
securityaffairs<p><a href="https://infosec.exchange/tags/Mirai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mirai</span></a> botnets exploit <a href="https://infosec.exchange/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a> RCE, Akamai warned<br><a href="https://securityaffairs.com/178830/malware/mirai-botnets-exploit-wazuh-rce-akamai-warned.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/178830/mal</span><span class="invisible">ware/mirai-botnets-exploit-wazuh-rce-akamai-warned.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a></p>
Dave Thacker<p><a href="https://techtoots.com/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homelab</span></a> installation of <a href="https://techtoots.com/tags/wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wazuh</span></a> fails. It's time for bed. I know the root cause and I'll make better mistakes tomorrow. Good Night. </p><p><a href="https://techtoots.com/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a></p>
The Chris Dantes<p>Today's <a href="https://social.linux.pizza/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhosted</span></a> project is to configure <a href="https://social.linux.pizza/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a> to stop ransomware attacks. I don't use Windows much, so I'll probably never know if it works, and if it doesn't, I don't save things locally. But it's a nice day out, so I should stay inside.</p>
The Chris Dantes<p>I think the best part about having a <a href="https://social.linux.pizza/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homelab</span></a> is that it reminds me that I'm stupid and don't know enough. I got <a href="https://social.linux.pizza/tags/wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wazuh</span></a> installed and some agents set up. Now I need to learn what to do with this information.</p>
Phil<p><span>I have a very strange issue with my VPS.<br><br>I am setting up wazuh for my personal use, and while the software seems to run just great, I'm unable to connect agents to it. <br><br>1. Wazuh </span><i>does</i><span> bind the ports (1514, 1515) properly. At least, netstat tells me to.<br>2. I can tcpdump on these ports, and see activity on 1515 (agent registration port).<br>3. The SYN packets never get a response from my VPS. It's like Wazuh is binding the ports, but isn't getting the packets or responding to them. <br><br>I'm completely out of ideas. The Wazuh community Discord has been unhelpful, so far. <br><br>I suspect ghosts.<br><br>Any help?<br><br></span><a href="https://fed.bajsicki.com/tags/wazuh" rel="nofollow noopener" target="_blank">#wazuh</a> <a href="https://fed.bajsicki.com/tags/sysadmin" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://fed.bajsicki.com/tags/linux" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://fed.bajsicki.com/tags/selfhosted" rel="nofollow noopener" target="_blank">#selfhosted</a></p>
Marcel SIneM(S)US<p><a href="https://social.tchncs.de/tags/Opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Opensource</span></a> security platform: Critical vulnerability in <a href="https://social.tchncs.de/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a> allowed code injection | Security <a href="https://www.heise.de/news/Opensource-Sicherheitsplattform-Kritische-Luecke-in-Wazuh-erlaubte-Codeschmuggel-10279201.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Opensource-Siche</span><span class="invisible">rheitsplattform-Kritische-Luecke-in-Wazuh-erlaubte-Codeschmuggel-10279201.html</span></a> <a href="https://social.tchncs.de/tags/Patchday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Patchday</span></a></p>
Marcel SIneM(S)US<p><a href="https://social.tchncs.de/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a>: Enterprise security with <a href="https://social.tchncs.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> | iX | heise magazine</p><p>Given constant cyberattacks, protecting the IT infrastructure is a must for every company. The security platform Wazuh, which is free of license costs, combines extensive monitoring and defense functions. </p><p><a href="https://www.heise.de/select/ix/2024/12/2429208320742870390" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/select/ix/2024/12/242</span><span class="invisible">9208320742870390</span></a></p>
nemo™ 🇺🇦<p>Frank Neugebauer explains the advantages of the open-source security platform Wazuh. 🛡️💻 It offers comprehensive features such as log analysis and intrusion detection, ideal for companies with a limited budget! 💰✨ Wazuh is a cost-efficient solution that requires technical know-how. Those willing to invest time and effort will find a strong alternative to commercial vendors here. <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mas.to/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mas.to/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a> </p><p><a href="https://www.heise.de/news/Drei-Fragen-drei-Antworten-Die-Open-Source-Securityplattform-Wazuh-10195078.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Drei-Fragen-drei</span><span class="invisible">-Antworten-Die-Open-Source-Securityplattform-Wazuh-10195078.html</span></a></p>
deftpunk ❌<p><a href="https://fosstodon.org/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> Anyone have practical experience with <a href="https://fosstodon.org/tags/wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wazuh</span></a> xdr/siem? If so, I'd be interested re: your thoughts/experience.</p>
undead<p>And, maybe I could be wrong about this? Maybe I'm not seeing a hidden colon somewhere that they say MUST cause this issue? :flan_shrug:</p><p>But I'm probably not. What I am doing is documenting all of my expectations and findings in my mailing list exchange with <a href="https://hackers.town/tags/wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wazuh</span></a> so another user doesn't have to go through this again. As much as it sucks to nitpick about details and probably frustrate the other person, nobody should have to spell this out again, whether or not I'm wrong. If I'm assuming this, then others will as well.</p>
undead<p><a href="https://hackers.town/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a> agent configurator could use some work.</p>
Pollito<p>Wazuh and MITRE Caldera Using FreeBSD Jails <a href="https://freebsdfoundation.org/our-work/journal/browser-based-edition/wazuh-and-mitre-caldera-using-freebsd-jails/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">freebsdfoundation.org/our-work</span><span class="invisible">/journal/browser-based-edition/wazuh-and-mitre-caldera-using-freebsd-jails/</span></a> <a href="https://mastodon.sdf.org/tags/wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wazuh</span></a> <a href="https://mastodon.sdf.org/tags/mitre" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mitre</span></a> <a href="https://mastodon.sdf.org/tags/mitrecaldera" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mitrecaldera</span></a> <a href="https://mastodon.sdf.org/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.sdf.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.sdf.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.sdf.org/tags/appjail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appjail</span></a> <a href="https://mastodon.sdf.org/tags/jail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jail</span></a> <a href="https://mastodon.sdf.org/tags/jails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jails</span></a></p>
Vitex<p><span class="h-card"><a href="https://witter.cz/@kayla_eilhart" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kayla_eilhart</span></a></span> <span class="h-card"><a href="https://mastodon.rfc1925.org/@ondrej" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ondrej</span></a></span> I recently mustered the courage and deployed <a href="https://f.cz/tags/wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wazuh</span></a> on my infrastructure, and I am horrified! If I fixed one thing it doesn't like every day, I would never be done. <a href="https://f.cz/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a></p>
ChiefGyk3D<p>I may be getting <a href="https://social.chiefgyk3d.com/tags/Crowdstrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Crowdstrike</span></a> for my homelab in a few months. I want to see about tying it into <a href="https://social.chiefgyk3d.com/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a> eventually and covering all my desktops and servers.</p>
ChiefGyk3D<p>I’m about $300 away from my goal of purchasing a new <a href="https://social.chiefgyk3d.com/tags/pfsense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfsense</span></a> firewall. Once I transfer everything to the new firewall I will try and do a <a href="https://social.chiefgyk3d.com/tags/twitch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>twitch</span></a> stream setting up a firewall from scratch using my cell backup internet. Then once I run through that for y’all I will wipe it clean and make the current box a <span class="h-card"><a href="https://grafana.social/@grafana" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>grafana</span></a></span> and <a href="https://social.chiefgyk3d.com/tags/SIEM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIEM</span></a> box using <a href="https://social.chiefgyk3d.com/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a> probably. 
</p><p>So if you want to help out please tip me in my links or subscribe on <a href="https://social.chiefgyk3d.com/tags/tiktok" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tiktok</span></a> or twitch <a href="https://social.chiefgyk3d.com/tags/streamer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>streamer</span></a> <a href="https://social.chiefgyk3d.com/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://social.chiefgyk3d.com/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://social.chiefgyk3d.com/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.chiefgyk3d.com/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
K. Latham<p>NetworkChuck did a great little tutorial about <a href="https://mastodon.social/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a>: <br><a href="https://youtu.be/3CaG2GI1kn0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/3CaG2GI1kn0</span><span class="invisible"></span></a></p>
K. Latham<p>Looking at <a href="https://mastodon.social/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a> this morning. <a href="https://wazuh.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">wazuh.com/</span><span class="invisible"></span></a></p><p>See if I can convince the powers-that-be here at the office to try it out. </p><p>I think they want to be hands-off though. Use a third-party like Connectwise for <a href="https://mastodon.social/tags/SIEM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIEM</span></a>.</p>
kravietz 🦇<p><span class="h-card"><a class="u-url mention" href="https://dadalo.pl/@dadalo_admin" rel="nofollow noopener" target="_blank">@<span>dadalo_admin</span></a></span> </p><p>Large part of my work is in the infrastructure security sector and I think I can help at least with some of these challenges you described:</p><ul><li>there are databases of IP addresses and subnets that are known to run dumb, persistent scanners, bruteforcers etc - these should be blocked right away at the firewall level and that’s the first line of defense; the lists are usually updated every hour or daily</li><li>more sophisticated spam/hacking teams cycle their IP addresses, use Tor or set up dedicated infrastructure for your campaign only, but then so are the intrusion detection tools - <a class="hashtag" href="https://agora.echelon.pl/tag/wazuh" rel="nofollow noopener" target="_blank">#Wazuh</a> and <a class="hashtag" href="https://agora.echelon.pl/tag/crowdsec" rel="nofollow noopener" target="_blank">#Crowdsec</a> are two solutions I have been using a lot that will allow you to block an IP address instantly when a suspicious pattern is detected <em>in your logs</em>, which basically allows you to block them on the spot</li></ul><p>These tools deal with HTTP server logs or application logs, so you can usually do whatever kind of matching you can come up with and write custom signatures such as “a 10 characters long alphanumeric usernames created from the same IP over 15 minutes”. 
They are not silver bullets as any such tool can be bypassed by a sufficiently resourced and sophisticated team, but they <em>significantly</em> increase the cost of the campaign for the attacker.</p><p>I don’t have any Mastodon instances but have implemented them for Pleroma, NextCloud and many other solutions, so happy to help with deployment for your Mastodon instance if interested.</p><p><span class="h-card"><a class="u-url mention" href="https://infosec.exchange/@briankrebs" rel="nofollow noopener" target="_blank">@<span>briankrebs</span></a></span> <span class="h-card"><a class="u-url mention" href="https://oisaur.com/@renchap" rel="nofollow noopener" target="_blank">@<span>renchap</span></a></span> <span class="h-card"><a class="u-url mention" href="https://mastodon.bentasker.co.uk/@ben" rel="nofollow noopener" target="_blank">@<span>ben</span></a></span></p>
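The kind of custom log signature described in the post above, sketched as an added example (not code from the post, from Wazuh or from CrowdSec): a sliding-window matcher that flags an IP once several 10-character alphanumeric usernames are created from it within 15 minutes. The log format, the sample lines and the threshold of 3 are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real application's):
#   <ISO timestamp> signup ip=<addr> user=<name>
LINE_RE = re.compile(r"^(?P<ts>\S+) signup ip=(?P<ip>\S+) user=(?P<user>\S+)$")
# Signature from the post: a username of exactly 10 alphanumeric characters.
SUSPICIOUS_USER = re.compile(r"^[A-Za-z0-9]{10}$")
WINDOW = timedelta(minutes=15)  # window length from the post
THRESHOLD = 3                   # assumed: matching signups per IP per window

# Constructed sample lines (documentation IP ranges, made-up usernames).
SAMPLE_LOG = """\
2024-05-01T10:00:05 signup ip=203.0.113.7 user=a8Kd02mXq1
2024-05-01T10:01:10 signup ip=198.51.100.4 user=alice
2024-05-01T10:03:40 signup ip=203.0.113.7 user=Zp3nW9rT5b
2024-05-01T10:04:00 login ip=203.0.113.7 user=a8Kd02mXq1
2024-05-01T10:09:59 signup ip=203.0.113.7 user=q7Lm1Yx0Ce
2024-05-01T10:10:00 signup ip=192.0.2.9 user=b4Rt6Uv8Wz
2024-05-01T10:40:00 signup ip=192.0.2.9 user=H2jK5nP9sD
2024-05-01T10:41:00 signup ip=192.0.2.9 user=m3Qw7Er1Ty
""".splitlines()


def parse(line):
    """Return (timestamp, ip, user) for a signup line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return datetime.fromisoformat(m["ts"]), m["ip"], m["user"]
    except ValueError:  # malformed timestamp: skip rather than crash
        return None


def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each offending IP to (time of first alert, usernames in window).

    Assumes the lines arrive in chronological order, as in a log file.
    """
    recent = defaultdict(deque)  # ip -> matching signups still inside window
    alerts = {}
    for line in lines:
        event = parse(line)
        if event is None or not SUSPICIOUS_USER.match(event[2]):
            continue
        ts, ip, user = event
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # expire events older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = (ts, [u for _, u in q])
    return alerts


if __name__ == "__main__":
    for ip, (when, users) in detect(SAMPLE_LOG).items():
        print(f"block {ip}: {len(users)} signups by {when} -> {users}")
```

The returned IPs are what a firewall rule or an active-response hook would then block; the third address in the sample stays below the threshold because its signups are spread over more than 15 minutes.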
Jesse Harris<p>Been busy setting up a <a href="https://infosec.exchange/tags/Wazuh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wazuh</span></a> server in my <a href="https://infosec.exchange/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homelab</span></a>. It's a class assignment, but I've been meaning to do it anyway and am glad to have the push to get it done.</p>