-
Layer 2 Security:LAB
DHCP Snooping, Dynamic ARP inspection, Port Security Exercise 4 – Configuring Layer 2 Security Features Sometimes a network could have traffic that is malicious. These types of traffic cannot be filtered with an access-list. For example, if we have clients that are configured to dynamically…
-
SIEM: NOTES
What is SIEM SIEM stands for Security Information and Event Management system. It is a tool that collects data from various endpoints/network devices across the network, stores them at a centralized place, and performs correlation on them. Before explaining the importance of SIEM, let’s first understand why it…
-
Wazuh: WALKTHROUGH
[INCOMPLETE] Created in 2015, Wazuh is an open-source, freely available and extensive EDR solution. It can be used in all scales of environments. Wazuh operates on a management and agent module. Simply, a device is dedicated to running Wazuh named a manager, where Wazuh operates on a management…
-
Endpoint Security: NOTES
Wazuh Wazuh is an open-source, freely available, and extensive EDR solution, which Security Engineers can deploy in all scales of environments. Wazuh operates on a management and agent model where a dedicated manager device is responsible for managing agents installed on the devices you'd like to monitor.…
-
TShark: NOTES
TShark is an open-source command-line network traffic analyser. It is created by the Wireshark developers and has most of the features of Wireshark. It is commonly used as a command-line version of Wireshark. However, it can also be used like tcpdump. Therefore it is preferred…
-
Wireshark (Defensive)
Capture Filter Syntax These filters use byte offsets hex values and masks with boolean operators, and it is not easy to understand/predict the filter's purpose at first glance. The base syntax is explained below: Comparison Operators You can create display filters by using different comparison…
-
Brim: NOTES
Brim vs Wireshark vs Zeek While each of them is powerful and useful, it is good to know the strengths and weaknesses of each tool and which one to use for the best outcome. As a traffic capture analyser, some overlapping functionalities exist, but each one…
-
Ubuntu Zeek: NOTES
Category Command Purpose and Usage Category Command Purpose and Usage Basics View the command history:ubuntu@ubuntu$ history Execute the 10th command in history: ubuntu@ubuntu$ !10 Execute the previous command:ubuntu@ubuntu$ !! Read File Read sample.txt file: ubuntu@ubuntu$ cat sample.txt Read the first 10 lines of the file: ubuntu@ubuntu$ head…
-
OpenCTI: NOTES
Cyber Threat Intelligence is typically a managerial mystery to handle, with organisations battling with how to input, digest, analyse and present threat data in a way that will make sense. From the rooms that have been linked on the overview, it is clear that there…
-
OSINT Tools: NOTES
Urlscan.io is a free service developed to assist in scanning and analysing websites. It is used to automate the process of browsing and crawling through websites to record activities and interactions. When a URL is submitted, the information recorded includes the domains and IP addresses contacted,…
Blog
