tcpdump is one of those tools that everybody uses, but nobody ever bothers to read the “man” page for. After all… it isn’t that hard. All you need to know is to always use “-n”, read your files with -r and write with -w. Once you figured out what your interfaces are called with ‘-i’… […]

Now that we have concluded the log analysis and detected that our system has been compromised via the SQLMap exploitation lab, let’s now see how the packets can help with detecting this activity. In the interest of time, let’s use the “pktIntel” tool from GitHub to see if this IP is known as malicious. Let’s […]

In the previous post, we learned how to use SQLMap to perform SQL injection attacks. While it was cool that we were able to perform the attack, an important takeaway for us as defenders is being able to detect this activity. Let’s paint a scenario. As the security lead, you got a mail from your […]

A while back, I created this post on performing SQL injection manually. In this post, we take advantage of one of the most common tools used for SQL injection. In the next two posts, we will perform, log and packet analysis to detect the activity performed by SQLMap. To take advantage of the web application, […]

In this post, we are looking at what the packets look like when unencrypted HTTP basic authentication is targeted. First up, let’s see what types of packets are in the PCAP kali@securitynik:~$ tshark -r nmap-http-brute.pcap -q -z io,phs =================================================================== Protocol Hierarchy Statistics Filter: sll frames:3162 bytes:1168718 ip frames:3162 bytes:1168718 tcp frames:3162 bytes:1168718 vssmonitoring frames:870 bytes:53940 […]