Packets or it didn't happen!
  • Continuing SQL Injection with SQLMap - Detection via Packet Analysis - Securitynik
    Now that we have concluded the log analysis and detected that our system has been compromised via the SQLMap exploitation lab, let’s now see how the packets can help with detecting this activity. In the interest of time, let’s use the “pktIntel” tool from GitHub to see if this IP is known as malicious. Let’s […]
  • Continuing SQL Injection with SQLMap - Detection via logs - Securitynik
    In the previous post, we learned how to use SQLMap to perform SQL injection attacks. While it was cool that we were able to perform the attack, an important takeaway for us as defenders is being able to detect this activity. Let’s paint a scenario. As the security lead, you got a mail from your […]
  • Continuing SQL Injection with SQLMap - Exploitation - Securitynik
    A while back, I created this post on performing SQL injection manually. In this post, we take advantage of one of the most common tools used for SQL injection. In the next two posts, we will perform, log and packet analysis to detect the activity performed by SQLMap. To take advantage of the web application, […]
  • Detecting HTTP Basic Authentication Brute Force Attacks via packets with TShark - Securitynik
    In this post, we are looking at what the packets look like when unencrypted HTTP basic authentication is targeted. First up, let’s see what types of packets are in the PCAP kali@securitynik:~$ tshark -r nmap-http-brute.pcap -q -z io,phs =================================================================== Protocol Hierarchy Statistics Filter: sll frames:3162 bytes:1168718 ip frames:3162 bytes:1168718 tcp frames:3162 bytes:1168718 vssmonitoring frames:870 bytes:53940 […]
  • Installing Zeek 3.1.4 on Ubuntu 20.04 - Securitynik
    In the SANS SEC503 Intrusion Detection in Depth class, we teach you quite a lot to get you started with Zeek Network Security Monitoring. One of the things we cannot do because of time, is walk you through the installation, upgrading, etc., of Zeek. In this post, we help you to install Zeek 3.1.4, the […]

Upcoming Events