=========================
== Eduardo Robles Site ==
=========================
Hola Mundo 🌮

Utilizing Agents with REMnux AI

In the last blog post I took a quick look at REMnux MCP server. Under the hood the MCP server uses Opencode to function as its MCP server. Upon further research I found Opencode has the ability to run custom “AI Agents”. With Agents you can have a customized workflow and have the LLM do specific (repetitive) work. This sparked my interest since there is a huge time saving benefit if I could “hand off” a simpler part of my analysis tasks.

Quick look at REMnux MCP Server

REMnux MCP Server: The security focused Linux distro REMnux announced the availability of “REMnux MCP Server”, which uses Opencode to run agents on REMnux for various analysis tasks. After hearing of this announcement I was immediately excited to try it. So let’s have a quick look. Starting AI in REMnux: I decided to download the container version of REMnux since I am used to a container workflow. Once downloaded I used the following command to start the container.

My Cybersecurity Tools Stack: Containers

Portable, Reusable Containers. I enjoy creating a bunch of containers for various uses. The best part is I can create a container to fit my workflow. So my tool stack becomes malleable and manageable. I can create, rebuild, and destroy containers as my needs require. Granted, disk space and time are always a concern. But I resolve that by being intentional with my tool stack. Day to Day Toolbox Container: I use Fedora Linux as my workstation OS on a daily basis.

The Real Note Taking Hack

The Art of Note Taking: I was talking about building the habit of taking notes to a junior analyst the other day. I was sharing with them the importance of simply writing things down and then converting them to notes. Basically build the habit of note taking. Later I realized I forgot to teach them The Real Note Taking Hack. This hack is simple and summed up in one word: introspection.

BSIDES RGV 2025

Quick, Easy, Malware Investigations and Threat Hunting. About Me: Hi! I’m Eduardo Robles. I work for County of Hidalgo IT dept as a Cybersecurity Analyst IV. Founder of South Texas Linux Users Group. You can check out my skills on my blog or LinkedIn. Agenda: Learn the basics of Malware Analysis; learn some Threat Hunting skills; small look into Digital Forensics. Disclaimer: Everything in this talk is my own research and opinion.

Local LLM Labs

Local LLMs In Your Homelab: Why experiment with LLM technology in the first place? Well, simply because it’s everywhere and huge tech companies will shove it in our faces every chance they get! In all seriousness, it’s actually never been easier to experiment with these Models even on low end hardware. Yes, you can experiment with LLMs by running them on a single CPU and decent RAM. Let me show you how I did it.

Cyberchef for Forensic Investigation and Incident Response

What is Cyberchef? Cyberchef is a tool I learned about toward the end of 2024. Since then I began using it more and more. CyberChef was developed by GCHQ and is the Cyber Swiss Army Knife web app for encryption, encoding, compression and data analysis. In the end it proved to be extremely useful for Forensic Analysis and Incident Response investigations. You can use the free version online but if you want to run it in your environment you can.

Quick, Easy, Malware Investigations and Threat Hunting

Bsides Austin 2024: This is my talk for BSIDES Austin 2024. Malware Investigations: Why do internal malware analysis? Existing tools: Virustotal, JoeSandbox, etc. Protect sensitive information from 3rd parties. Freedom from reliance on one tool or platform. Malware is scary and dangerous, put in a box (container). Malware is scary. Malware is dangerous. So it’s best to analyze in a “contained” environment: Virtual Machines, Containers (Docker, Podman, etc). Working with Malware Samples: Safely moving malware around to later analyze can be daunting.

Easy DFIR Tools and Methods

Phishing Email Analysis. ClamAV: ClamAV is great to scan for malware but also can scan eml files including email attachments. Use the --debug flag for more info on the scan: clamscan sample.eml. Continued: You can also use ClamAV to scan any suspicious file: clamscan sample.zip. Investigating a malicious link: To investigate a link I use a REMnux container which offers so many awesome tools. I will cover THUG and Automater.

On the Practice of Multifactor Authentication

The basics: MFA is basically putting an extra step, an extra barrier, to log in to an app or website. This extra step is what creates security. It does not prevent attacks or stop attacks. But what it does do is simple: it makes it harder for someone to hack you. The struggle: Doing extra work is never fun. No one likes to do the extra work. I don’t like doing extra work.