Packets or it didn't happen!
  • DNS Option 15: Debugging DNSSEC Errors. - Dr. J
    DNSSEC has had a rough ride so far. I usually say that the mistake made with DNSSEC was that security came first in the design, ahead of usability. The result is that the implementation of DNSSEC is usually compliance driven and not widespread. There are two parts to implementing DNSSEC: DNSSEC Validation: This is done […]
  • Continuing Log4-Shell - Zeek - Detection - Securitynik
    Now that we understand the vulnerability and exploit, as well as having performed packet analysis using TShark and automated using Snort3, time to use Zeek against this pcap. Looking at Zeek from 3 different perspectives. First we will be running Zeek against the pcap to see what shows up. Second will be a Zeek signature […]
  • Continuing Log4-Shell - Snort3 Rule - Detection - Securitynik
    Now that we have a better understanding of the vulnerability, how it is being exploited, as well as how we can use packet analysis to understand the activities seen on the network, let’s now use Snort3 to  automate our future detections, thus reducing that dwell time. First up, I will create my own Snort configuration […]
  • Continuing Log4-Shell - Packet Analysis - Detection - Securitynik
    Note: If you wish to follow along, the PCAP is on GitHub. Now that I have a better understanding of the Log4j vulnerability and exploitation from a practical perspective, it is time to detect this activity via packet analysis. Any attack that leaves one host and interacts with another, will leave traces of packets on […]
  • Continuing Log4-Shell - Understanding/Testing The Exploit - Securitynik
    Now that I have an understanding of the vulnerability, time to look at its exploitation. First up, unzip the vulnerable app. ┌──(root💀securitynik)-[~/log4j] └─# unzip log4shell-vulnerable-app-main.zip Archive: log4shell-vulnerable-app-main.zip 561f11d5d934725d48028ac04db4fd0b6c18eea0 creating: log4shell-vulnerable-app-main/ extracting: log4shell-vulnerable-app-main/.gitignore inflating: log4shell-vulnerable-app-main/Dockerfile inflating: log4shell-vulnerable-app-main/LICENSE inflating: log4shell-vulnerable-app-main/README.md inflating: log4shell-vulnerable-app-main/build.gradle creating: log4shell-vulnerable-app-main/gradle/ creating: log4shell-vulnerable-app-main/gradle/wrapper/ inflating: log4shell-vulnerable-app-main/gradle/wrapper/gradle-wrapper.jar inflating: log4shell-vulnerable-app-main/gradle/wrapper/gradle-wrapper.properties inflating: log4shell-vulnerable-app-main/gradlew inflating: log4shell-vulnerable-app-main/gradlew.bat inflating: log4shell-vulnerable-app-main/screenshot.png extracting: […]

Upcoming Events