Packets or it didn't happen!
  • Beginning Web Shell: The basics and some detection / The Importance of Full Packet Captures - Securitynik
    Recently, there has been lots of press on web shells, so I figure I should take some time to dig into it a bit more. Microsoft announced in February this year, that it had seen about 140,000 encounters of these threats on a monthly basis. This is just about double what was seen in 2020 at 77,000 […]
  • TShark: Working with statistics - Securitynik
    Continuing this series promoting the SANS SEC503: Intrusion Detection in Depth class. In this post, we are looking at the TShark statistics menu. To see the statistics available, we leverage tshark -z help. Below is a snapshot of that output:
      ┌──(root💀securitynik)-[~/tshark-series]
      └─# tshark -z help
      tshark: The available statistics for the "-z" option are:
      ...
      conv,eth
      conv,fc […]
  • TShark : Finding data with "contains" and "matches" (Regular Expression) - Securitynik
    Recently, I’ve been working with the SANS Institute on some Livestream sessions, promoting the SEC503: Intrusion Detection In Depth class. As a result, I produced some videos using TShark. In the first of those videos, we did an intro to TShark by focusing on reconnaissance at the IP layer. In the second session, we focused on […]
  • Snort3 on Ubuntu 20 - Housekeeping - AppID, RNA, Performance Monitoring, Profiling, JSON Logging, Other config, etc. - Securitynik
    Now that your Snort3 has been installed, you have confirmed all your tests are working as expected, and you have fed the pig, your next step is to configure Snort3 for your specific environment. The same approach applies to any security tool you are using. Let’s customize Snort3 for our environment. […]
  • Snort3 on Ubuntu 20 - Feeding and testing the pig - rules and PulledPork - Securitynik
    Now that we have installed and configured Snort3, as well as learned a little about it, let’s now look at feeding the pig: giving it rules, and then testing those rules before we perform our housekeeping. Let’s create the directories in which to store our rules and block lists:
      securitynik@snort3:~$ sudo mkdir /usr/local/etc/rules […]
