ET Cybersecurity Blog
-
HTTP
Overview In this lab, I explored the intricacies of the HTTP protocol while gaining practical experience with network traffic analysis and intrusion detection systems (IDS), specifically Snort. The goal was to extract and analyze HTTP traffic captured from a live network segment, then prepare the data for further inspection using IDS tools. Objectives The lab…
-
Snort Writing Rules 2
Exercise 1 Task: Develop a new version of the detection rule created in the first lab that identifies the exploit within the payload by applying keyword options such as offset, within, depth, and distance. Instructions: Begin by duplicating the rule you previously created in the last exercise. Paste it into a new file to work with a…
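The four content modifiers named above are easiest to understand as windows over the payload: offset/depth define an absolute window from the start of the payload, while distance/within define a window relative to where the previous content match ended. The following is an added example (not code from this blog, and not Snort's own matcher) that applies those semantics to a constructed HTTP request so the effect of each modifier can be checked; the sample payload and the rule contents are made up for illustration and are not the exploit signature from the first lab. It assumes Snort's documented behaviour that depth and within give the length of the search window and that a pattern must fit entirely inside it; it does not reproduce Snort's backtracking over alternative earlier matches.

```python
from typing import Optional


def find_content(payload: bytes, pattern: bytes, *, offset: int = 0,
                 depth: Optional[int] = None, distance: Optional[int] = None,
                 within: Optional[int] = None,
                 prev_end: Optional[int] = None) -> Optional[int]:
    """Search `payload` for `pattern` under Snort-style content modifiers.

    Returns the index one past the end of the match, or None if no match.
    - offset/depth:    absolute window starting `offset` bytes into the payload,
                       `depth` bytes long (whole payload if depth is None).
    - distance/within: window starting `distance` bytes after the previous
                       match end, `within` bytes long.
    The pattern must fit entirely inside the window (assumed Snort semantics).
    """
    if distance is not None or within is not None:
        if prev_end is None:
            raise ValueError("distance/within require a previous content match")
        start = max(prev_end + (distance or 0), 0)  # negative distance backs up
        length = within
    else:
        start = offset
        length = depth
    window = payload[start:] if length is None else payload[start:start + length]
    idx = window.find(pattern)
    if idx < 0:
        return None
    return start + idx + len(pattern)


def match_rule(payload: bytes, contents) -> bool:
    """Apply an ordered list of (pattern, modifiers) like the content options
    of one rule; each relative content is anchored to the previous match end."""
    prev_end = None
    for pattern, mods in contents:
        prev_end = find_content(payload, pattern, prev_end=prev_end, **mods)
        if prev_end is None:
            return False
    return True


# Constructed sample payload (not from the lab's pcap).
PAYLOAD = b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"

# "GET" must sit in the first 3 bytes; "HTTP/1.1" must then end within
# 20 bytes of the position one byte past the end of "GET".
RULE_CONTENTS = [
    (b"GET", {"offset": 0, "depth": 3}),
    (b"HTTP/1.1", {"distance": 1, "within": 20}),
]

if __name__ == "__main__":
    print("rule matches:", match_rule(PAYLOAD, RULE_CONTENTS))
    # Shrinking depth so the pattern no longer fits defeats the first content.
    print("depth too small:", find_content(PAYLOAD, b"GET", offset=0, depth=2))
```

Tightening within from 20 to 19 makes the second content fail even though the bytes are still present, which is the point of the modifiers: they bind the match to a position, not merely to the presence of the bytes anywhere in the packet.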
-
Snort Writing Rules 1
Objectives: This lab is the first in a series aimed at guiding you through writing effective rules for IDS/IPS tools such as Snort and Suricata. Details: You’ll be using the packet capture file located at /sec503/Exercises/Day3/01_exploit.pcap. The goal is to write a signature that correctly detects the exploit within the capture, which simulates a system compromise using…
-
Running Snort
Purpose: This lab is an introduction to Snort and its output. It focuses on helping a new user get comfortable with the tool. Exercise 1 1) Start by exploring Snort’s available command-line options. Run the following command to view help information and understand what parameters are available: 2) Which command-line option should you use to specify a particular…
-
Wireshark part III
Exercise 1 Description: Extract the web object image from wireshark3.pcap and view it. According to the extracted image, what did Snort save? Exercise 2 Description: Carve and decode the base64-encoded message from the SMTP exchange between 10.10.10.10 and 10.10.10.25. What does it say? First, we apply a filter to capture all the packets involved in…
-
UDP-ICMP
This lab focused on analyzing packet behavior related to UDP and ICMP. It was designed to help understand how certain traffic patterns can trigger ICMP error messages and under what conditions those messages should or shouldn’t appear. Exercise 1 – Investigating ICMP Echo Requests Task: The first six records in the capture are grouped in pairs.…
-
TCP
Lab 2.3 – TCP Packet Analysis This lab focused on deepening my understanding of core TCP concepts through packet inspection. Exercise 1 – Verifying TCP Protocol Checksum Task: Examine the embedded TCP checksum in the packet with: The checksum is equal to 0x0000 which is not a valid checksum: Wireshark also flagged this field as…
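A TCP checksum is computed over a pseudo-header (source and destination IP, the protocol number 6, and the TCP length) plus the TCP header and payload, using the one's-complement sum of RFC 1071; a receiver re-runs the same sum with the checksum field in place and expects 0x0000. The block below is an added example (my own code, not from this blog) that computes and verifies the checksum for a constructed SYN segment between the made-up addresses 10.0.0.1 and 10.0.0.2, and shows that a checksum field of 0x0000, as flagged in the capture above, fails verification. Note the practitioner's caveat: a 0x0000 checksum in a capture taken on the sending host frequently means checksum offload (the NIC fills it in after the capture point), so the warning Wireshark raises is only meaningful for packets captured from the wire or on the receiving side.

```python
import socket
import struct


def _ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # odd-length buffers are padded with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the TCP segment.

    With the checksum field zeroed this yields the value to transmit; with
    the field left in place it yields 0x0000 for an intact segment.
    """
    pseudo = struct.pack(
        "!4s4sBBH",
        socket.inet_aton(src_ip),
        socket.inet_aton(dst_ip),
        0,             # reserved byte
        6,             # IP protocol number for TCP
        len(segment),  # TCP header + payload length
    )
    return (~_ones_complement_sum(pseudo + segment)) & 0xFFFF


def verify_tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """True when the checksum embedded in `segment` is consistent."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


def build_syn(src_ip: str, dst_ip: str, sport: int, dport: int,
              checksum: int = None) -> bytes:
    """Constructed 20-byte SYN header, no options, no payload (sample data).

    Pass checksum=0 to reproduce the 0x0000 field seen in the lab capture.
    """
    hdr = struct.pack(
        "!HHIIBBHHH",
        sport, dport,
        0, 0,          # sequence and acknowledgement numbers
        5 << 4,        # data offset 5 words, reserved bits zero
        0x02,          # flags: SYN
        0xFFFF,        # window
        0,             # checksum placeholder
        0,             # urgent pointer
    )
    if checksum is None:
        checksum = tcp_checksum(src_ip, dst_ip, hdr)
    return hdr[:16] + struct.pack("!H", checksum) + hdr[18:]


SRC, DST = "10.0.0.1", "10.0.0.2"  # made-up addresses for the sample

if __name__ == "__main__":
    good = build_syn(SRC, DST, 12345, 80)
    zeroed = build_syn(SRC, DST, 12345, 80, checksum=0)
    print("computed checksum: 0x%04X" % tcp_checksum(SRC, DST, zeroed))
    print("valid with correct field:", verify_tcp_checksum(SRC, DST, good))
    print("valid with 0x0000 field:  ", verify_tcp_checksum(SRC, DST, zeroed))
```

For this sample segment the correct checksum works out to 0x6B57; substituting 0x0000 leaves the verification sum short of 0xFFFF, which is exactly the "bad checksum" condition an analyzer reports.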
-
Writing tcpdump filters
This lab focused on building familiarity with tcpdump filters, particularly for identifying specific traffic based on TCP flags. The lab also introduced the use of TCP flags, which play a key role in identifying different types of TCP traffic (e.g., SYN, ACK, FIN). Exercise 1 – Identifying TCP Connection Attempts with tcpdump Objective: Use tcpdump to…
-
Wireshark Display Filters
Wireshark Display Filters Lab – Overview and Setup This lab focused on becoming more familiar with using Wireshark display filters to isolate specific types of traffic. Exercise 1 – Filtering DNS Queries for a Specific Domain Task: Find the packet record number(s) where a DNS query name contains the string glenhighland. There are many ways…
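A display filter such as a substring test on the DNS query name works because the dissector decodes the question section's label sequence back into a dotted name; doing the same by hand shows what the filter is actually matching against. The block below is an added example (my own code, not from this blog) that encodes and decodes DNS names, including the 0xC0 compression pointers found in responses, and reports whether any question name in a constructed query contains a given string. The query messages are built inline for the example, so the only real content carried over from the lab is the string glenhighland. Wireshark's contains operator is case-sensitive; this example lower-cases both sides because DNS names themselves are case-insensitive, which is the check you usually want.

```python
import struct
from typing import List, Tuple


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode the name at `offset`, following compression pointers.

    Returns (name, offset just past the name at its original position).
    A hop limit guards against looping pointers in malformed messages.
    """
    labels: List[str] = []
    end = None
    hops = 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer into the message
            if end is None:
                end = offset + 2
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def question_names(msg: bytes) -> List[str]:
    """Names from the question section (QDCOUNT entries after the header)."""
    qdcount = struct.unpack("!H", msg[4:6])[0]
    names, offset = [], 12
    for _ in range(qdcount):
        name, offset = read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
        names.append(name)
    return names


def query_name_contains(msg: bytes, needle: str) -> bool:
    """Hand-rolled equivalent of filtering on a substring of the query name."""
    needle = needle.lower()
    return any(needle in name.lower() for name in question_names(msg))


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed standard query for an A record (sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


if __name__ == "__main__":
    for qname in ("www.glenhighland.com", "www.example.com"):
        msg = build_query(qname)
        print(qname, "->", query_name_contains(msg, "glenhighland"))
```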
-
Fragmentation
IP Fragmentation Lab – Overview and Setup This lab focused on exploring the behavior and structure of IP fragmentation. The exercises require close analysis of fragmented IP packets using either Wireshark or tcpdump. Exercise 1 – Analyzing the First Two IP Fragments Look at the first two records. They are related fragments and are the…
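Fragments belong together when they share source address, destination address, IP identification and protocol; the fragment offset field (in 8-byte units) says where each piece lands, and the More Fragments flag is clear only on the last one. The block below is an added example (my own code, not from this blog) that parses those fields from raw IPv4 headers, groups fragments the way an analyst relates "the first two records" to each other, and reassembles the payload only when the offsets are contiguous and the final fragment is present. The two sample fragments are constructed inline with made-up addresses and an arbitrary identification value. One practical consequence to keep in mind while reading tcpdump output: only the fragment at offset 0 carries the transport header, so port numbers appear on the first fragment alone.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

MF = 0x2000  # More Fragments flag in the flags/offset word

Key = Tuple[str, str, int, int]  # (src, dst, identification, protocol)


@dataclass
class Fragment:
    src: str
    dst: str
    ident: int
    proto: int
    more: bool      # MF flag set
    offset: int     # byte offset of this payload (field value * 8)
    payload: bytes


def parse_ipv4(packet: bytes) -> Fragment:
    """Extract the fragmentation-relevant fields from a raw IPv4 packet."""
    (vihl, _tos, total_len, ident, flags_off, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if vihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (vihl & 0x0F) * 4
    return Fragment(
        socket.inet_ntoa(src), socket.inet_ntoa(dst), ident, proto,
        bool(flags_off & MF), (flags_off & 0x1FFF) * 8,
        packet[ihl:total_len],
    )


def reassemble(frags: Iterable[Fragment]) -> Dict[Key, Optional[bytes]]:
    """Group fragments by key; value is the reassembled payload, or None
    when a piece is missing, out of place, or the last fragment never came."""
    groups: Dict[Key, list] = {}
    for f in frags:
        groups.setdefault((f.src, f.dst, f.ident, f.proto), []).append(f)
    result: Dict[Key, Optional[bytes]] = {}
    for key, parts in groups.items():
        parts.sort(key=lambda f: f.offset)
        data, expected, complete = b"", 0, False
        for p in parts:
            if p.offset != expected:  # gap or overlap: refuse to guess
                break
            data += p.payload
            expected += len(p.payload)
            if not p.more:
                complete = True
                break
        result[key] = data if complete else None
    return result


def build_fragment(src: str, dst: str, ident: int, proto: int,
                   offset: int, more: bool, payload: bytes) -> bytes:
    """Constructed IPv4 fragment (sample data; header checksum left zero)."""
    if offset % 8 or (more and len(payload) % 8):
        raise ValueError("non-final fragments must be multiples of 8 bytes")
    flags_off = (MF if more else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


# Two related fragments of one UDP datagram (protocol 17), identification 0xBEEF.
FIRST = build_fragment("10.0.0.1", "10.0.0.2", 0xBEEF, 17, 0, True, b"A" * 8)
SECOND = build_fragment("10.0.0.1", "10.0.0.2", 0xBEEF, 17, 8, False, b"B" * 4)

if __name__ == "__main__":
    for raw in (FIRST, SECOND):
        f = parse_ipv4(raw)
        print(f"id=0x{f.ident:04x} offset={f.offset} MF={f.more} len={len(f.payload)}")
    print(reassemble([parse_ipv4(SECOND), parse_ipv4(FIRST)]))
```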