July 7

Webinar takeaway: Hacking Packet Captures: The Foundations of Network Security


My key takeaways

  • Zeek does not store whole packets; it writes per-connection summaries (for example, conn.log) of every conversation it sees to log files
    • saves time and disk space compared with a full packet capture
    • "You wouldn't normally use Zeek for packet capture, instead you use it for analysis." - Bill Stearns

  • A host sending far more data than it receives might indicate malicious traffic (for example, data exfiltration), since most client traffic is download-heavy
  • use NetworkMiner to reconstruct network sessions and extract files from packets
    • commercial tool, but a free edition is available
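The "sends much more than it receives" takeaway is easy to turn into a check over Zeek's conn.log, which already carries per-connection byte counts in both directions (orig_bytes and resp_bytes). The script below is an added example, not code from the webinar or from the Zeek project: it parses the TSV conn.log layout (including Zeek's "-" marker for unset values), sums bytes per source/destination pair and flags pairs whose upload volume exceeds a size floor and an upload:download ratio. The log lines are constructed for illustration, and the 10 MB floor and 10:1 ratio are assumed thresholds that would need tuning against a real baseline.

```python
"""Flag source/destination pairs that upload far more than they download,
using the per-connection byte counts Zeek writes to conn.log.
Added example; sample data is constructed and thresholds are assumptions."""
from collections import defaultdict

# Constructed sample in Zeek's TSV conn.log layout. Only the columns this
# script needs are included; a real conn.log carries more fields.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1720339200.000000\tCA1\t10.0.0.5\t51000\t93.184.216.34\t443\ttcp\tssl\t12.5\t1500\t250000\tSF
1720339201.000000\tCA2\t10.0.0.5\t51001\t93.184.216.34\t443\ttcp\tssl\t3.1\t900\t80000\tSF
1720339202.000000\tCA3\t10.0.0.7\t40000\t198.51.100.9\t443\ttcp\tssl\t600.0\t52000000\t4000\tSF
1720339203.000000\tCA4\t10.0.0.7\t40001\t198.51.100.9\t443\ttcp\tssl\t590.0\t48000000\t3500\tSF
1720339204.000000\tCA5\t10.0.0.9\t53000\t10.0.0.1\t53\tudp\tdns\t0.01\t60\t120\tSF
1720339205.000000\tCA6\t10.0.0.9\t53001\t10.0.0.1\t53\tudp\tdns\t-\t-\t-\tS0
#close\t2024-07-07-10-00-00
"""


def parse_conn_log(text):
    """Return one dict per connection, keyed by the names in the #fields header."""
    fields = None
    rows = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names follow the tag
            continue
        if line.startswith("#") or not line.strip():
            continue  # other header/footer lines carry no connection data
        if fields is None:
            raise ValueError("data line seen before #fields header")
        rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def as_count(value):
    """Zeek writes '-' for unset counts (e.g. a UDP probe that got no reply)."""
    return 0 if value == "-" else int(value)


def summarize_pairs(rows):
    """Sum bytes sent/received and count connections per (orig_h, resp_h)."""
    totals = defaultdict(lambda: [0, 0, 0])  # [sent, received, connections]
    for r in rows:
        t = totals[(r["id.orig_h"], r["id.resp_h"])]
        t[0] += as_count(r["orig_bytes"])
        t[1] += as_count(r["resp_bytes"])
        t[2] += 1
    return {pair: tuple(v) for pair, v in totals.items()}


def flag_upload_heavy(totals, min_sent_bytes=10_000_000, min_ratio=10.0):
    """Flag pairs whose upload volume is large and dwarfs the download volume.

    Both thresholds are assumptions for the example; the size floor keeps
    tiny asymmetric flows (DNS queries, TCP probes) from generating noise.
    """
    flagged = []
    for (orig, resp), (sent, received, n) in totals.items():
        if sent < min_sent_bytes:
            continue
        ratio = sent / max(received, 1)  # avoid dividing by zero on one-way flows
        if ratio >= min_ratio:
            flagged.append({
                "orig_h": orig, "resp_h": resp, "sent": sent,
                "received": received, "ratio": round(ratio, 1), "connections": n,
            })
    return sorted(flagged, key=lambda f: f["sent"], reverse=True)


if __name__ == "__main__":
    pairs = summarize_pairs(parse_conn_log(SAMPLE_CONN_LOG))
    for hit in flag_upload_heavy(pairs):
        print(f"{hit['orig_h']} -> {hit['resp_h']}: sent {hit['sent']} B, "
              f"received {hit['received']} B, ratio {hit['ratio']}:1 "
              f"over {hit['connections']} connections")
```

On a real capture, `zeek -r capture.pcap` produces the conn.log this script reads (the same information can be pulled interactively with `zeek-cut id.orig_h id.resp_h orig_bytes resp_bytes`). Backups, cloud sync and video uploads are legitimately upload-heavy, so treat a hit as a lead to investigate, and tune the thresholds per network rather than reusing the assumed values above.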

Tags

blue team, packet capture, zeek

