Packets or it didn't happen!
  • Snort3 on Ubuntu 20 – Housekeeping – AppID, RNA, Performance Monitoring, Profiling, JSON Logging, Other config, etc.
  • Snort3 on Ubuntu 20 – Feeding and testing the pig – rules and PulledPork
  • Snort3 on Ubuntu 20 – Learning a little about our installation – Getting Help, Running Snort3, etc.
  • Snort3 on Ubuntu 20 – The Initial Setup
  • Troubleshooting HTTPS – SSH Connectivity to IBM QRadar with TShark
  • Security On The Cheap – Beginning Elastic – Installing and Providing Basic Security to Winlogbeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic – Installing, Configuring and Providing Basic Security to Packetbeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic – Installing and Providing Basic Security to Filebeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic – Installing and Providing Basic Security to Auditbeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic – Installing and Providing Basic Security to Metricbeat – Elastic Stack 7.9 on Ubuntu 20.04
  • Beginning Elastic Stack – Providing Basic Security to Elastic and Kibana 7.9 communication on Ubuntu 20.04
  • Beginning Elastic Stack – Installing Kibana 7.9 on Ubuntu 20.04
  • Beginning Elastic Stack – Installing Elastic 7.9 on Ubuntu 20.04
  • What is TLS “GREASE”?
  • Beginning Proxychains – Keeping a low profile
  • Beginning packet capturing with Windows Built in Packet Monitor (pktmon) packet capturing tool
  • A few “forgotten” tcpdump options
  • Continuing SQL Injection with SQLMap – Detection via Packet Analysis
  • Continuing SQL Injection with SQLMap – Detection via logs
  • Continuing SQL Injection with SQLMap – Exploitation
  • Detecting HTTP Basic Authentication Brute Force Attacks via packets with TShark
  • Installing Zeek 3.1.4 on Ubuntu 20.04
  • Continuing Stack Based Buffer Overflow – Return to LibC
  • Using TShark For Continuous Packet Monitoring and Packet Intelligence
  • Continuing Buffer Overflow – The Basics
  • Finding passwords via GDB and strncmp
  • Remote packet capturing with TShark
  • More About DNS over HTTPS Traffic Analysis
  • Profiling TLS Traffic to Identify DNS over HTTPS
  • When MacOS Catalina Comes to Life: The First Few Minutes of Network Traffic From MacOS 10.15.
  • The Weekly Zeek: DNS Cache Poisoning detection
  • The Weekly Zeek: Events, not packets
  • The Weekly Zeek: Death of &persistent
  • DNS over HTTPS
  • Zeek Correlations: Outbound Connections
  • You’re Doing That Wrongly
  • I Can Read Your Mind
  • Odd ICMP Echo Requests
  • Esoterica: tcpdump DNS Anomalies