Packets or it didn't happen!
  • Beginning Fourier Transform - Detecting Beaconing in our networks - Securitynik
    Before digging any deeper, I must state, this notebook/post heavily leverages the work done by Joe Petroske on “Hunting Beacon Activity with Fourier Transforms” along with his notebook on GitHub at  More importantly, it ties together what we teach in the SANS SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals as a […]
  • Beginning SiLK - Systems for Internet Level Knowledge - working with network flow data - Securitynik
    Silk is one of the tools used to analyze network flow data and something we teach in the SANS SEC503, Network Monitoring and Threat Detection. In this post, I am walking through some of the tools within the SiLK suite, to show their basic and somewhat common usage. There is no specific order to their […]
  • Solving the CTF challenge - Network Forensics (packet and log analysis), USB Disk Forensics, Database Forensics, Stego - Securitynik
    At work, we develop and run various Cyber Security challenges to help the Analyst (and the rest of the team) to rapidly build and demonstrate their skillset. This challenge was put together by one of our Managers Jean. I thought this was an interesting challenge that covered a number of areas. As a result, I […]
  • Packet Crafting - Tearing down a connection with TCP Reset - Securitynik
    In a previous post, I crafted a TCP 3-way handshake, to setup a connection with a remote device. In this post, we are going to sniff traffic between two devices and send a RST packet to tear down the connection. Think about what your IPS does as you go through this post. First up, the […]
  • Understanding and Decrypting TLS based communication - HTTP over TLS (HTTPS) - Securitynik
    As a leader in a SOC at a Managed Security Services Provider (MSSP), leading multiple teams, it is always interesting to see how new analysts may freeze when they hear the communication is encrypted. What many of these new analysts do not know, is in some cases, you may be able to decrypt this communication. […]

Upcoming Events