- What is TLS "GREASE"? - Dr. J
Inspecting TLS handshakes in Wireshark, you may have seen a “GREASE” cipher, or a “GREASE”. For example, in the TLS Client Hello below: “GREASE” is not an actual cipher or option. It is ia bit a dirty workaround. The features is defined in RFC 8701. GREASE is an acronym and stands for “Generate Random Extensions […]
- Beginning Proxychains - Keeping a low profile - Securitynik
As a defender, it is always recommended to NOT interact with a suspicious (threat actor) IP from your own network. However, since we need to investigate the threat actor’s IP(s), to learn something about the threat and or the device from which the attack is occurring, what can we do? The reality is there are […]
- Beginning packet capturing with Windows Built in Packet Monitor (pktmon) packet capturing tool - Securitynik
Recently while doing some unrelated research, I came across this link from www.bleepingcomputer.com about Windows having a built in sniffer. I am aware of being able to use “netsh trace” to perform packet capturing but this seems like a better option. I may be wrong. Windows having built in sniffer is a good thing, as […]
- A few "forgotten" tcpdump options - Dr. J
tcpdump is one of those tools that everybody uses, but nobody ever bothers to read the “man” page for. After all… it isn’t that hard. All you need to know is to always use “-n”, read your files with -r and write with -w. Once you figured out what your interfaces are called with ‘-i’… […]
- Continuing SQL Injection with SQLMap - Detection via Packet Analysis - Securitynik
Now that we have concluded the log analysis and detected that our system has been compromised via the SQLMap exploitation lab, let’s now see how the packets can help with detecting this activity. In the interest of time, let’s use the “pktIntel” tool from GitHub to see if this IP is known as malicious. Let’s […]
