- Understanding Packet Crafting - The Windows IPv6 Vulnerability - CVE-2024-38063: Remote Kernel Exploitation via IPv6 - Securitynik
First up, this post is significantly influenced by Miloš ynwarcs' script for the above vulnerability. My objective here is to simplify the understanding of what the script is doing. If you intend to follow along, see https://github.com/ynwarcs/CVE-2024-38063/tree/main for the original script. In the SANS SEC503, we use Scapy a lot for instructing on packet crafting […]
- Beginning Fourier Transform - Detecting Beaconing in our networks - Securitynik
Before digging any deeper, I must state that this notebook/post heavily leverages the work done by Joe Petroske on “Hunting Beacon Activity with Fourier Transforms” along with his notebook on GitHub at https://github.com/target/Threat-Hunting/blob/master/Beacon%20Hunting/find_beacons_by_fourier.ipynb. More importantly, it ties together what we teach in the SANS SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals as a […]
- Beginning SiLK - Systems for Internet Level Knowledge - working with network flow data - Securitynik
SiLK is one of the tools used to analyze network flow data and something we teach in the SANS SEC503, Network Monitoring and Threat Detection. In this post, I am walking through some of the tools within the SiLK suite to show their basic and somewhat common usage. There is no specific order to their […]
- Solving the CTF challenge - Network Forensics (packet and log analysis), USB Disk Forensics, Database Forensics, Stego - Securitynik
At work, we develop and run various Cyber Security challenges to help the Analyst (and the rest of the team) rapidly build and demonstrate their skillset. This challenge was put together by one of our Managers, Jean. I thought this was an interesting challenge that covered a number of areas. As a result, I […]
- Packet Crafting - Tearing down a connection with TCP Reset - Securitynik
In a previous post, I crafted a TCP 3-way handshake to set up a connection with a remote device. In this post, we are going to sniff traffic between two devices and send a RST packet to tear down the connection. Think about what your IPS does as you go through this post. First up, the […]