TCP and HTTP packets decoding using Wireshark

November 10, 2023

In this lab, I am going to analyse the following pcap file: I am going to start doing some passive fingerprinting of the two systems communicating in this pcap file. Looking at the IP header, I can see that the TTL for the first system is 49 which makes me believe that this system is …

ICMP packets decoding using Wireshark and Tshark

November 4, 2023

In this lab, I am going to go through an analysis of ICMP packets using Wireshark. Here is the pcap file that I will go through: One of the first things that catches my eye is the length of the packets. The ICMP echo request packets are bigger than the ICMP echo replies (56 bytes …

Vulnerability Management / Web Testing with OWASP ZAP

September 22, 2023

In this Antisyphon “Intro Security” lab, I will be setting up a simple Python web server and a vulnerable web server called DVWA. These are designed from the ground up to teach people like me about a number of web application attacks. I will then use a free tool called OWASP ZAP to automatically look …

Sysmon

September 21, 2023

Sysmon, short for System Monitor, is a Windows system service and device driver that plays a crucial role in cybersecurity by providing detailed information about activities on a Windows-based computer. It is designed to enhance the ability to detect and investigate malicious activities and advanced threats within a Windows environment. This Sysmon lab is pretty …

Password Spraying with PowerShell

September 20, 2023

Password spraying is a type of cyberattack that is used by hackers to gain unauthorized access to user accounts or computer systems. It is a technique in which the attacker attempts to access multiple accounts or systems by trying a few commonly used passwords or a list of commonly used passwords against many usernames or …

Password Cracking using Hashcat

September 20, 2023

First, I am going to disable Defender by running the following command from an Administrator PowerShell prompt (as, of course, password crackers tend to show up as malware on a system): The red errors mean that Defender is not running on my system anymore. Now, I need to open a Command Prompt and navigate to …

Application Allow Listing with AppLocker

September 19, 2023

Application Allow Listing, also known as Application Whitelisting, is a cybersecurity strategy and technique designed to enhance the security of a computer or network by specifying which applications or executable files are permitted to run or execute. In contrast to traditional security approaches that focus on blocking known malicious software (blacklisting), application allow listing takes …

Log Analysis using Bluespawn (EDR system)

August 8, 2023

During this Antisyphon Training laboratory session, I will utilize Bluespawn as a substitute for an EDR (Endpoint Detection and Response) system. BlueSpawn will be actively monitoring the system to identify any unconventional activities and will make a record of these occurrences. In this practical session, my focus will be on initiating BlueSpawn and subsequently running …

Enterprise Log Analysis

August 7, 2023

This is another Antisyphon Training lab and this one focuses on examining Active Directory logs produced during a domain password spray attack. I am going to use DeepBlueCLI in order to analyse the domain logs’ logon patterns. First, I am going to open a command prompt as administrator and I am going to go to …

Log Analysis using DeepBlueCLI

August 4, 2023

This is another lab I did while taking the “Intro to SOC” class offered by Antisyphon Training. DeepBlueCLI is a free tool created by Eric Conrad. It is used for standard Windows Event logs. It has great detection capabilities and it can also be used to demonstrate how behavioral analysis style techniques function with the …