A short while ago, I floated the idea of a weekly video series with short lessons about packets, protocols, and networks. Today, we are kicking of “Packet Tuesday”. Packet Tuesday, as the name implies, will release a new video each Tuesday. We will discuss packets in detail. See the first two videos below. For future […]

DNSSEC has had a rough ride so far. I usually say that the mistake made with DNSSEC was that security came first in the design, ahead of usability. The result is that the implementation of DNSSEC is usually compliance driven and not widespread. There are two parts to implementing DNSSEC: DNSSEC Validation: This is done […]

Now that we understand the vulnerability and exploit, as well as having performed packet analysis using TShark and automated using Snort3, time to use Zeek against this pcap. Looking at Zeek from 3 different perspectives. First we will be running Zeek against the pcap to see what shows up. Second will be a Zeek signature […]

Now that we have a better understanding of the vulnerability, how it is being exploited, as well as how we can use packet analysis to understand the activities seen on the network, let’s now use Snort3 to  automate our future detections, thus reducing that dwell time. First up, I will create my own Snort configuration […]

Note: If you wish to follow along, the PCAP is on GitHub. Now that I have a better understanding of the Log4j vulnerability and exploitation from a practical perspective, it is time to detect this activity via packet analysis. Any attack that leaves one host and interacts with another, will leave traces of packets on […]