ET Cybersecurity Blog

  • Attack Observation 1

  • Honeypot setup for ISC internship

    For my cybersecurity class project, I decided to set up a honeypot on a Raspberry Pi 5. This document chronicles my entire journey – the successes, the mistakes, and everything I learned along the way. Honestly, it was more challenging than I expected, but also really rewarding when everything finally worked! What I Used for This…

  • Blue Team fundamentals CTF

    The SEC450 CTF network consisted of a simulated mixed Windows Active Directory and Linux server environment. There were 3 subnets with machines: 10.0.1.0/24 – Internal Servers (Active Directory Domain Controller, File share server); 10.0.2.0/24 – User devices (5 User laptops); 10.0.3.0/24 – DMZ (one Linux web server). DNS Concepts 1: If the IP address is an IPv4 address,…

  • Artificial intelligence

    Objectives: This exercise introduces you to a machine learning/AI pipeline solution that pushes data from Zeek through an AI model to produce alerts about network activity. Details: This lab will require us to start several SSH connections to the virtual machine. One of these will run Zeek, monitoring the loopback interface. Another will run a Python script…

  • Researching Anomalies

    Details During class we discovered that there was unusual activity on January 2, 2021. This leads to several important questions. Which way was the data moving? What does the data appear to be? Is this likely data exfiltration? We will answer these questions in this lab. Exercise 1 In the course book, we saw that…

  • SiLK Statistics

    Details: In this section you will experiment with the rwcount, rwstats, and rwuniq tools. The goal is to understand how these tools function and examine how they can be used to answer important questions that an analyst will ask when researching a network, investigating network activities, or engaging in threat hunting activities. Exercise 1: The rwstats tool…

  • SiLK and NetFlow

    Details: This section of exercises allows you to explore the use of SiLK with a NetFlow repository rather than using files generated from packet capture files. Using SiLK with packet captures is very useful during an incident response if a NetFlow repository isn’t available, but during normal day-to-day operations, you would typically use SiLK with a…

  • Packet Crafting for IDS/IPS

    Exercise 1 I am going to use a tool called scapy to complete this lab: The first thing that I need to do is to create an Ethernet header and an IP header, assigning each to a variable: Let’s now create the ICMP sequence number: Now that all the required headers have been built, I…
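The excerpt builds the Ethernet, IP and ICMP headers with scapy. As an added example that is not part of the original post, the same echo-request frame is assembled below by hand with `struct`, so the field layout, the two checksums and the incrementing ICMP sequence number are explicit rather than hidden behind `Ether()/IP()/ICMP()`. The MAC and IP addresses, identifier and payload are made-up sample values; the raw-socket send shown in a comment is Linux-specific and is not executed.

```python
"""Hand-built Ethernet/IPv4/ICMP echo request (added example, not from the post).

The post builds these headers with scapy (Ether()/IP()/ICMP()); here the same
frame is assembled with struct so the layout and both checksums are explicit.
MACs, IPs, identifier and payload used below are made-up sample values.
"""
import socket
import struct

ETH_P_IP = 0x0800           # EtherType for IPv4
IPPROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words (odd length padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def build_ethernet(dst_mac: str, src_mac: str, eth_type: int = ETH_P_IP) -> bytes:
    """14-byte Ethernet II header: dst MAC, src MAC, EtherType."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", eth_type)


def build_ipv4(src_ip: str, dst_ip: str, payload_len: int, ident: int = 0x1234,
               ttl: int = 64, proto: int = IPPROTO_ICMP) -> bytes:
    """20-byte IPv4 header without options; checksum covers the header only."""
    ver_ihl = (4 << 4) | 5                      # version 4, IHL 5 words
    total_len = 20 + payload_len
    flags_frag = 0x4000                         # DF set, fragment offset 0
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, ident,
                      flags_frag, ttl, proto, 0, src, dst)
    csum = inet_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def build_icmp_echo(icmp_id: int, seq: int, payload: bytes) -> bytes:
    """8-byte ICMP echo request header plus payload; checksum covers both."""
    hdr = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, icmp_id, seq)
    csum = inet_checksum(hdr + payload)
    return hdr[:2] + struct.pack("!H", csum) + hdr[4:] + payload


def craft_echo_request(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                       icmp_id: int, seq: int, payload: bytes = b"") -> bytes:
    """Full frame: Ethernet / IPv4 / ICMP echo request with the given seq."""
    icmp = build_icmp_echo(icmp_id, seq, payload)
    ip = build_ipv4(src_ip, dst_ip, len(icmp))
    return build_ethernet(dst_mac, src_mac) + ip + icmp


def verify_frame(frame: bytes) -> dict:
    """Parse the frame back and validate both checksums, as an IDS would."""
    eth_type = struct.unpack("!H", frame[12:14])[0]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    ip_hdr = frame[14:14 + ihl]
    icmp = frame[14 + ihl:14 + total_len]
    icmp_type, _, _, icmp_id, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "eth_type": eth_type,
        "ip_total_length": total_len,
        "ip_checksum_ok": inet_checksum(ip_hdr) == 0,   # sum incl. checksum folds to 0
        "ttl": ttl,
        "proto": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "icmp_type": icmp_type,
        "icmp_id": icmp_id,
        "icmp_seq": seq,
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
        "payload": icmp[8:],
    }


if __name__ == "__main__":
    # Sample values (constructed). Sending needs a raw socket, on Linux e.g.:
    #   s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW); s.bind(("eth0", 0)); s.send(frame)
    for seq in range(1, 4):                     # incrementing ICMP sequence number
        frame = craft_echo_request("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                                   "192.168.1.10", "192.168.1.1", 0xBEEF, seq, b"lab payload")
        info = verify_frame(frame)
        print(seq, len(frame), info["ip_checksum_ok"], info["icmp_checksum_ok"], info["icmp_seq"])
```

Checking a frame with `verify_frame` before sending it is worth the extra lines: a hand-built header with a bad checksum is exactly the kind of packet an IDS may silently drop while the target still answers, which is what the evasion exercises later in this series are about.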

  • IDS/IPS Evasion

    Exercise 1 Description: Examine the TCP session between hosts 192.168.1.103 and 192.168.1.104. There is something that is nonstandard about this session. What is it, and why might it cause an IDS evasion? In Packet 64, the client at 192.168.1.104 tried to establish a connection with the server at 192.168.1.103. Instead of acknowledging the connection, host 192.168.1.103…

  • Zeek Script Part 3

    In this lab, I will be developing another useful script that is a little bit more advanced than the ones created in part 1 and 2. Exercise – HTTP Exfiltration? Description: In this exercise, we will create a script that locates anomalous outbound data transfers based on the idea that, generally, we would expect to find…
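The post implements this detection as a Zeek script. As an added example that is not the post's code, the same idea is run offline in Python over Zeek conn.log records: it assumes that an internal client normally sends a small HTTP request and gets back a larger response, so a connection from an internal host to an external server whose orig_bytes far exceed its resp_bytes is the anomaly to surface. The "internal" networks stand in for Zeek's Site::local_nets and are assumed to be the RFC 1918 ranges; the byte thresholds and the log lines themselves are constructed.

```python
"""Flag HTTP connections whose outbound volume dwarfs the inbound (added example).

The post does this as a Zeek script; this runs the same idea offline in Python
over conn.log lines. Assumption: internal clients send small requests and get
larger responses, so far more orig_bytes than resp_bytes to an external server
is worth a look. Thresholds, local nets and the log lines below are made up.
"""
import ipaddress

# Constructed, abbreviated conn.log (a real log carries more columns; the
# parser reads the #fields header, so this subset is enough to run on).
SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1609603200.1\tCbrowse01\t10.0.2.15\t51000\t93.184.216.34\t80\ttcp\thttp\t2.1\t612\t48210\tSF
1609603260.5\tCupload02\t10.0.2.15\t51002\t203.0.113.9\t80\ttcp\thttp\t41.7\t5242880\t318\tSF
1609603300.0\tCintern03\t10.0.2.21\t51010\t10.0.1.5\t80\ttcp\thttp\t30.2\t7340032\t250\tSF
1609603320.0\tCtls04\t10.0.2.21\t51011\t198.51.100.77\t443\ttcp\tssl\t12.0\t2097152\t900\tSF
1609603400.0\tCnobytes05\t10.0.2.30\t51020\t198.51.100.80\t80\ttcp\thttp\t-\t-\t-\tS0
#close\t2021-01-02-00-00-00
"""

# Stand-in for Zeek's Site::local_nets (assumed RFC 1918 ranges).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_ORIG_BYTES = 1_000_000   # ignore small uploads (assumed threshold)
RATIO = 10.0                 # orig_bytes must exceed RATIO * resp_bytes (assumed)


def parse_conn_log(text: str):
    """Yield one dict per record, naming columns from the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue                          # other header/footer lines
        else:
            yield dict(zip(fields, line.split("\t")))


def to_int(value: str) -> int:
    """Zeek writes '-' for unset fields; treat that as zero bytes."""
    return 0 if value == "-" else int(value)


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_http_exfil(text: str, min_orig: int = MIN_ORIG_BYTES, ratio: float = RATIO):
    """Return HTTP connections from an internal client to an external server
    where the client sent at least min_orig bytes and more than ratio times
    what it received."""
    hits = []
    for rec in parse_conn_log(text):
        if rec["service"] != "http":
            continue
        if not is_internal(rec["id.orig_h"]) or is_internal(rec["id.resp_h"]):
            continue                          # inbound or purely internal: out of scope
        orig, resp = to_int(rec["orig_bytes"]), to_int(rec["resp_bytes"])
        if orig >= min_orig and orig > ratio * max(resp, 1):
            hits.append({"uid": rec["uid"], "orig_h": rec["id.orig_h"],
                         "resp_h": rec["id.resp_h"], "orig_bytes": orig,
                         "resp_bytes": resp})
    return hits


if __name__ == "__main__":
    for hit in find_http_exfil(SAMPLE_CONN_LOG):
        print(hit)
```

On the constructed log only `Cupload02` is reported: the big transfer to `10.0.1.5` is internal-to-internal, the `ssl` connection is not HTTP, and the `S0` record has no byte counts at all. The `max(resp, 1)` guard keeps a connection with zero response bytes from dividing the ratio test away, and the byte floor is what stops every cache-busting POST from paging someone.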