Packets or it didn't happen!
Beginning Fourier Transform – Detecting Beaconing in our networks
Beginning SiLK – Systems for Internet Level Knowledge – working with network flow data
Solving the CTF challenge – Network Forensics (packet and log analysis), USB Disk Forensics, Database Forensics, Stego
Packet Crafting – Tearing down a connection with TCP Reset
Understanding and Decrypting TLS based communication – HTTP over TLS (HTTPS)
Understanding NMAP’s scan techniques: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
It's about time: OS Fingerprinting using NTP
Packet Tuesday: Network Traffic Analysis for the Whole Family
DNS Option 15: Debugging DNSSEC Errors.
Continuing Log4-Shell – Zeek – Detection
Continuing Log4-Shell – Snort3 Rule – Detection
Continuing Log4-Shell – Packet Analysis – Detection
Continuing Log4-Shell – Understanding/Testing The Exploit
Beginning Log4-Shell – Understanding The Issue/Vulnerability
Beginning Web Shell: The basics and some detection / The Importance of Full Packet Captures
TShark: Working with statistics
TShark: Finding data with “contains” and “matches” (Regular Expression)
Snort3 on Ubuntu 20 – Housekeeping – AppID, RNA, Performance Monitoring, Profiling, JSON Logging, Other config, etc.
Snort3 on Ubuntu 20 – Feeding and testing the pig – rules and PulledPork
Snort3 on Ubuntu 20 – Learning a little about our installation – Getting Help, Running Snort3, etc
Snort3 on Ubuntu 20 – The Initial Setup
Troubleshooting HTTPS – SSH Connectivity to IBM QRadar with TShark
Security On The Cheap – Beginning Elastic – Installing and Providing Basic Security to Winlogbeat – Elastic Stack 7.9 on Ubuntu 20.04
Beginning Elastic – Installing, Configuring and Providing Basic Security to Packetbeat – Elastic Stack 7.9 on Ubuntu 20.04
Beginning Elastic – Installing and Providing Basic Security to Filebeat – Elastic Stack 7.9 on Ubuntu 20.04
Beginning Elastic – Installing and Providing Basic Security to Auditbeat – Elastic Stack 7.9 on Ubuntu 20.04
Beginning Elastic – Installing and Providing Basic Security to Metricbeat – Elastic Stack 7.9 on Ubuntu 20.04
Beginning Elastic Stack – Providing Basic Security to Elastic and Kibana 7.9 communication on Ubuntu 20.04
Beginning Elastic Stack – Installing Kibana 7.9 on Ubuntu 20.04
Beginning Elastic Stack – Installing Elastic 7.9 on Ubuntu 20.04
What is TLS “GREASE”?
Beginning Proxychains – Keeping a low profile
Beginning packet capturing with Windows Built in Packet Monitor (pktmon) packet capturing tool
A few “forgotten” tcpdump options
Continuing SQL Injection with SQLMap – Detection via Packet Analysis
Continuing SQL Injection with SQLMap – Detection via logs
Continuing SQL Injection with SQLMap – Exploitation
Detecting HTTP Basic Authentication Brute Force Attacks via packets with TShark
Installing Zeek 3.1.4 on Ubuntu 20.04
Continuing Stack Based Buffer Overflow – Return to LibC
Using TShark For Continuous Packet Monitoring and Packet Intelligence
Continuing Buffer Overflow – The Basics
Finding passwords via GDB and strncmp
Remote packet capturing with TShark
More About DNS over HTTPS Traffic Analysis
Profiling TLS Traffic to Identify DNS over HTTPS
When MacOS Catalina Comes to Life: The First Few Minutes of Network Traffic From MacOS 10.15.
The Weekly Zeek: DNS Cache Poisoning detection
The Weekly Zeek: Events, not packets
The Weekly Zeek: Death of &persistent
DNS over HTTPS
Zeek Correlations: Outbound Connections
You’re Doing That Wrongly
I Can Read Your Mind
Odd ICMP Echo Requests
Esoterica: tcpdump DNS Anomalies