January 5

Webinar takeaway – BPF – Picking Packets


My key takeaways

  • one library (libpcap) to capture all packets on all operating systems
  • BPF is used to filter packets
    • better signal-to-noise ratio (SNR) for packet filtering
  • a BPF filter affects only the program you invoke it with
    • the packet itself is not changed
  • Process:
    • a human writes the filter
      • in single quotes at the end of the line invoking the program, e.g. tcpdump
      • in double quotes for WinDump
    • the program passes it to libpcap
    • libpcap passes it to the kernel <- fast!
  • Works fine with ngrep as well
  • you can stack multiple filters by putting one after the other at the end of the command line, each separated by a space
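The filter process the notes describe, as an added example that is not part of the webinar or of libpcap: a small pure-Python stand-in for a handful of BPF primitives (tcp, udp, host, port, not/and/or), evaluated over constructed Ethernet/IPv4 frames. It shows that the filter is a plain string whose space-separated terms are joined (the "stacking" at the end of the command line) and that evaluation never touches the frame bytes; the function names, frame builder and sample addresses are the example's own.

```python
"""Added example, not the webinar's or libpcap's code: a tiny userspace re-implementation
of a few BPF filter primitives, run over constructed frames (no libpcap, no root needed)."""
import struct
from ipaddress import IPv4Address

def build_frame(src, dst, proto, sport, dport):
    """Constructed Ethernet II + IPv4 + TCP(6)/UDP(17) frame: sample data, not a capture."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + l4          # zeroed MACs, EtherType IPv4

def parse_frame(frame):
    """Decode the header fields the primitives below need (IPv4 only)."""
    if frame[12:14] != b"\x08\x00":
        return {}
    ip, ihl = frame[14:], (frame[14] & 0x0F) * 4
    ports = struct.unpack("!HH", ip[ihl:ihl + 4]) if ip[9] in (6, 17) else (None, None)
    return {"proto": ip[9], "src": IPv4Address(ip[12:16]), "dst": IPv4Address(ip[16:20]),
            "sport": ports[0], "dport": ports[1]}

def _primitive(word, tok, f):
    """tcp | udp | [tcp|udp] port N | host A   (host/port match either direction)."""
    if word in ("tcp", "udp"):                         # "tcp port 443": proto qualifies port
        ok = _primitive(tok.pop(0), tok, f) if tok and tok[0] == "port" else True
        return ok and f.get("proto") == (6 if word == "tcp" else 17)
    if word not in ("host", "port"):
        raise ValueError(f"unsupported primitive: {word}")
    value = IPv4Address(tok.pop(0)) if word == "host" else int(tok.pop(0))
    keys = ("src", "dst") if word == "host" else ("sport", "dport")
    return any(f.get(k) == value for k in keys)

def _factor(tok, f):
    head = tok.pop(0)                                  # negation binds tightest
    return not _factor(tok, f) if head in ("not", "!") else _primitive(head, tok, f)

def _expr(tok, f):
    v = _factor(tok, f)
    while tok and tok[0] in ("and", "&&", "or", "||"):  # equal precedence, left to right
        op, rhs = tok.pop(0), _factor(tok, f)
        v = (v and rhs) if op in ("and", "&&") else (v or rhs)
    return v

def matches(expr, frame):
    tok = expr.split()                                 # tcpdump joins its argv the same way
    result = _expr(tok, parse_frame(frame))
    if tok:
        raise ValueError(f"unexpected trailing tokens: {tok}")
    return result
```

In real use the same string goes to libpcap, which compiles it to BPF bytecode that the kernel runs before a packet is copied to the calling program; `tcpdump -d 'tcp port 443'` prints that compiled program instead of capturing.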


Tags

packet capture, threat hunting
