July 7

Webinar takeaway: Hacking Packet Captures: The Foundations of Network Security


My key takeaways

  • Zeek does not capture whole packets but saves summaries of all conversations it sees to log files
    • saves time and space
    • "You wouldn't normally use Zeek for packet capture, instead you use it for analysis." - Bill Stearns

  • Sending a lot more data than receiving might indicate malicious traffic
  • use NetworkMiner to reconstruct network packets
    • not free, but there is a free edition
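Zeek's conn.log summaries already carry the per-connection byte counts needed to check the "sending much more than receiving" takeaway. The script below is an added example, not material from the webinar or from Zeek's own tooling: it parses a constructed conn.log, totals payload bytes per originating host, and flags hosts whose sent/received ratio crosses assumed thresholds.

```python
from collections import defaultdict

# Constructed sample conn.log (not a real capture). Zeek writes one line per
# connection; '-' marks an unset field and header lines start with '#'.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\n"
    "1625650000.1\tCAB1\t10.0.0.5\t51000\t203.0.113.10\t443\ttcp\tssl\t12.3\t2400\t180000\tSF\n"
    "1625650010.2\tCAB2\t10.0.0.5\t51001\t203.0.113.20\t80\ttcp\thttp\t3.1\t900\t45000\tSF\n"
    "1625650020.3\tCAB3\t10.0.0.9\t52000\t198.51.100.7\t443\ttcp\tssl\t600.0\t52000000\t8000\tSF\n"
    "1625650030.4\tCAB4\t10.0.0.9\t52001\t198.51.100.7\t443\ttcp\t-\t-\t-\t-\tS0\n"
    "#close\t2021-07-07-10-00-00\n"
)

def parse_conn_log(text):
    """Return conn.log records as dicts keyed by the names in the #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            records.append(dict(zip(fields, line.split("\t"))))
    return records

def _count(value):
    """Zeek 'count' fields are unset ('-') when no payload was seen."""
    return 0 if value == "-" else int(value)

def bytes_by_origin(records):
    """Sum payload bytes sent and received per originating host."""
    totals = defaultdict(lambda: [0, 0])
    for r in records:
        totals[r["id.orig_h"]][0] += _count(r["orig_bytes"])
        totals[r["id.orig_h"]][1] += _count(r["resp_bytes"])
    return {host: tuple(v) for host, v in totals.items()}

def flag_exfil_candidates(records, min_sent=10_000_000, min_ratio=20.0):
    """Hosts that sent at least min_sent bytes and min_ratio times more than
    they received. Thresholds are assumptions to tune per network: backups and
    uploads to known services will also trip a plain byte-ratio check."""
    flagged = []
    for host, (sent, received) in bytes_by_origin(records).items():
        ratio = sent / max(received, 1)
        if sent >= min_sent and ratio >= min_ratio:
            flagged.append((host, sent, received, round(ratio, 1)))
    return sorted(flagged, key=lambda f: f[1], reverse=True)
```

On a real sensor, point `parse_conn_log` at the text of `conn.log` and review the flagged hosts against known backup and upload destinations before escalating.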

Env

additional links


Tags

blue team, packet capture, zeek
