ET Cybersecurity Blog
-
Security Onion Analysis of Apache ActiveMQ
This is lab 1.3 for the SEC511 class. I am going to use Security Onion and Wireshark to analyse the flaw in Apache ActiveMQ. The objective of this lab is to become familiar with the flow of this exploit and the subsequent ransomware infection. Apache ActiveMQ Vulnerability This is a critical remote code execution vulnerability…
-
Detecting Modern Attack Techniques
This is lab 1.2 for the SEC511 class. In this lab, I am looking at a client exploitation. A user has reported to the help desk that his PC started acting funny. This was after he clicked on a suspicious link. This was then escalated to the security team. The help desk mentioned that the…
-
Detecting Traditional Attack Techniques
This is Lab 1.1 for the SEC511 class. In this lab, I will be using Security Onion and a little bit of Wireshark as well. The goal of the lab is to get some familiarity with the classic flow of a traditional service-side attack. We will also see some evidence of both Exploitation and Command and…
-
Attack Observation # 2
-
Attack Observation # 1
-
Honeypot setup for ISC internship
For my cybersecurity class project, I decided to set up a honeypot on a Raspberry Pi 5. This document chronicles my entire journey – the successes, the mistakes, and everything I learned along the way. Honestly, it was more challenging than I expected, but also really rewarding when everything finally worked! What I Used for This…
-
Blue Team fundamentals CTF
The SEC450 CTF network consisted of a simulated mixed Windows Active Directory and Linux server environment. There were 3 subnets with machines: 10.0.1.0/24 – Internal Servers (Active Directory Domain Controller, File share server); 10.0.2.0/24 – User devices (5 User laptops); 10.0.3.0/24 – DMZ (one Linux web server). DNS Concepts 1 If the IP address is an IPv4 address,…
-
Artificial intelligence
Objectives This exercise introduces you to a machine learning/AI pipeline solution that pushes data from Zeek through an AI model to produce alerts about network activity. Details This lab will require us to start several SSH connections to the virtual machine. One of these will run Zeek, monitoring the loopback interface. Another will run a Python script…
-
Researching Anomalies
Details During class we discovered that there was unusual activity on January 2, 2021. This leads to several important questions. Which way was the data moving? What does the data appear to be? Is this likely data exfiltration? We will answer these questions in this lab. Exercise 1 In the course book, we saw that…
-
SiLK Statistics
Details In this section you will experiment with the rwcount, rwstats, and rwuniq tools. The goal is to understand how these tools function and examine how they can be used to answer important questions that an analyst will ask when researching a network, investigating network activities, or engaging in threat hunting activities. Exercise 1 The rwstats tool…