Packets or it didn't happen!
  • Understanding Packet Crafting – The Windows IPv6 Vulnerability – CVE-2024-38063: Remote Kernel Exploitation via IPv6
  • Beginning Fourier Transform – Detecting Beaconing in our networks
  • Beginning SiLK – Systems for Internet Level Knowledge – working with network flow data
  • Solving the CTF challenge – Network Forensics (packet and log analysis), USB Disk Forensics, Database Forensics, Stego
  • Packet Crafting – Tearing down a connection with TCP Reset
  • Understanding and Decrypting TLS based communication – HTTP over TLS (HTTPS)
  • Understanding Nmap’s scan techniques: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  • It’s about time: OS Fingerprinting using NTP
  • Packet Tuesday: Network Traffic Analysis for the Whole Family
  • DNS Option 15: Debugging DNSSEC Errors
  • Continuing Log4-Shell – Zeek – Detection
  • Continuing Log4-Shell – Snort3 Rule – Detection
  • Continuing Log4-Shell – Packet Analysis – Detection
  • Continuing Log4-Shell – Understanding/Testing The Exploit
  • Beginning Log4-Shell – Understanding The Issue/Vulnerability
  • Beginning Web Shell: The basics and some detection / The Importance of Full Packet Captures
  • TShark: Working with statistics
  • TShark: Finding data with “contains” and “matches” (Regular Expression)
  • Snort3 on Ubuntu 20 – Housekeeping – AppID, RNA, Performance Monitoring, Profiling, JSON Logging, Other config, etc.
  • Snort3 on Ubuntu 20 – Feeding and testing the pig – rules and PulledPork
  • Snort3 on Ubuntu 20 – Learning a little about our installation – Getting Help, Running Snort3, etc.
  • Snort3 on Ubuntu 20 – The Initial Setup
  • Troubleshooting HTTPS – SSH Connectivity to IBM QRadar with TShark
  • Security On The Cheap – Beginning Elastic – Installing and Providing Basic Security to Winlogbeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic – Installing, Configuring and Providing Basic Security to Packetbeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic – Installing and Providing Basic Security to Filebeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic – Installing and Providing Basic Security to Auditbeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic – Installing and Providing Basic Security to Metricbeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic Stack – Providing Basic Security to Elastic and Kibana 7.9 communication on Ubuntu 20.04
  • Beginning Elastic Stack – Installing Kibana 7.9 on Ubuntu 20.04
  • Beginning Elastic Stack – Installing Elastic 7.9 on Ubuntu 20.04
  • What is TLS “GREASE”?
  • Beginning Proxychains – Keeping a low profile
  • Beginning packet capturing with Windows’ built-in Packet Monitor (pktmon) packet capturing tool
  • A few “forgotten” tcpdump options
  • Continuing SQL Injection with SQLMap – Detection via Packet Analysis
  • Continuing SQL Injection with SQLMap – Detection via logs
  • Continuing SQL Injection with SQLMap – Exploitation
  • Detecting HTTP Basic Authentication Brute Force Attacks via packets with TShark
  • Installing Zeek 3.1.4 on Ubuntu 20.04
  • Continuing Stack Based Buffer Overflow – Return to LibC
  • Using TShark For Continuous Packet Monitoring and Packet Intelligence
  • Continuing Buffer Overflow – The Basics
  • Finding passwords via GDB and strncmp
  • Remote packet capturing with TShark
  • More About DNS over HTTPS Traffic Analysis
  • Profiling TLS Traffic to Identify DNS over HTTPS
  • When MacOS Catalina Comes to Life: The First Few Minutes of Network Traffic From MacOS 10.15
  • The Weekly Zeek: DNS Cache Poisoning detection
  • The Weekly Zeek: Events, not packets
  • The Weekly Zeek: Death of &persistent
  • DNS over HTTPS
  • Zeek Correlations: Outbound Connections
  • You’re Doing That Wrongly
  • I Can Read Your Mind
  • Odd ICMP Echo Requests
  • Esoterica: tcpdump DNS Anomalies