Packets or it didn't happen!
  • Packet Tuesday: Network Traffic Analysis for the Whole Family - Dr. J
    A short while ago, I floated the idea of a weekly video series with short lessons about packets, protocols, and networks. Today, we are kicking off “Packet Tuesday”. Packet Tuesday, as the name implies, will release a new video each Tuesday. We will discuss packets in detail. See the first two videos below. For future […]
  • DNS Option 15: Debugging DNSSEC Errors. - Dr. J
    DNSSEC has had a rough ride so far. I usually say that the mistake made with DNSSEC was that security came first in the design, ahead of usability. The result is that the implementation of DNSSEC is usually compliance driven and not widespread. There are two parts to implementing DNSSEC: DNSSEC Validation: This is done […]
  • Continuing Log4-Shell - Zeek - Detection - Securitynik
    Now that we understand the vulnerability and exploit, as well as having performed packet analysis using TShark and automated using Snort3, time to use Zeek against this pcap. Looking at Zeek from 3 different perspectives. First we will be running Zeek against the pcap to see what shows up. Second will be a Zeek signature […]
  • Continuing Log4-Shell - Snort3 Rule - Detection - Securitynik
    Now that we have a better understanding of the vulnerability, how it is being exploited, as well as how we can use packet analysis to understand the activities seen on the network, let’s now use Snort3 to automate our future detections, thus reducing that dwell time. First up, I will create my own Snort configuration […]
  • Continuing Log4-Shell - Packet Analysis - Detection - Securitynik
    Note: If you wish to follow along, the PCAP is on GitHub. Now that I have a better understanding of the Log4j vulnerability and exploitation from a practical perspective, it is time to detect this activity via packet analysis. Any attack that leaves one host and interacts with another, will leave traces of packets on […]