The term threat hunting spawns different ideas and has different meanings for seemingly everyone you talk to. Understanding what threat hunting is will help you better equip your security teams to respond to alerts and mitigate risk. But is it basic triage of known indicators of compromise (IOC) in a proactive manner or some magical Jedi skill that only masters can summon and execute?
An introduction to the 2020 supply chain attack that was carried out through the Orion update protocol of the SolarWinds network management software suite.
You might have read several of our other network security blogs covering topics that people in the cybersecurity field need to know. Now is an excellent time to talk about Distributed Denial of Service (DDoS).
We have all heard of network analyzers or packet sniffers: Wireshark with its command-line counterpart Tshark, or tcpdump.
This article explores how Linux's command-line power, combined with the filter expressions of tcpdump's lexical parser, can be used for some complex network debugging. If you are bored at home in these COVID times, how about extracting the video of a video conference capture? (On a serious note, only do this for your own video and with the participants' permission.)
DNS - Do Not think it's Simple
In our recent series of articles, we talked about network security-related tools and techniques one needs to be aware of to build a cybersecurity career. Next, we will cover DNS and its related security implications!
DNS, or Domain Name System, translates domain names to IP addresses so your browser can find what you searched for. DNS resolvers are usually stub resolvers, which means that the full DNS records lie elsewhere.
If your organization is running a web application, you are likely to use EC2. Further, there is a high likelihood that your instances are all Linux. Linux systems are robust and a suitable first choice for server applications like a MEAN stack Express.js web server, an application built using the open source LAMP stack, commercial proprietary software, or a basic server using Apache or Nginx. Linux is also very widely used for both SQL and NoSQL database applications like Redis, MongoDB, Postgres, or MySQL.
Zeek the new Bro
Zeek is the new name for Bro, which has been in existence since 1994. In this article, we will review the useful features of Zeek that make it a powerful tool for network analysis and security monitoring. Need a little more familiarity with Zeek? Check out our previous blog: Bro: Security's Swiss Army Knife.
A Swiss Army knife is a plethora of tools wrapped up into one friendly and compact system. When describing anything as a Swiss Army knife, we mean it has a wide range of uses, whether in knowledge, applicability, adaptability, or otherwise.
Bro, the leading platform for network security monitoring, is quite an exciting ecosystem of wire-speed security analyzers and triggers. It takes a unique approach to network security monitoring, meaning it takes a bit of time to get used to it.
Bro was renamed to Zeek in 2018, but many still refer to it as "Bro." For this article, we will refer to it as "Bro." This is a gentle intro to familiarizing yourself with what Bro has to offer, complete with example code.
We have all been there, sitting in class thinking to ourselves, "I will never use this in real life." However, life has a way of proving us wrong.
Enter Noam Chomsky