Posts

Beginner’s guide: OSSIM Part 2

Hope all of you are keeping well. Thank you all for the overwhelming support you are giving me. Today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump into all of that, I hope all of you are ready with the installation. If not, please visit my previous post, which is the first part: Beginner’s guide: OSSIM (Open Source Security Information Management) part 1. Make sure you have an active internet connection for your OSSIM. As you all know, the AlienVault platform has five modules: asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words, we add assets first, and then we configure those assets under each module of AlienVault. If you're ready with everything mentioned in part 1, we can now move forward with the configuration. Here we’re considering only OSSIM, not USM....

Beginner’s guide: How to setup a SOC (Security Operations Center)

A lot of people ask me to put up something about setting up a SOC. So from today onwards, I’ll be posting articles about how to set up a SOC. Unlike the subjects of my other tutorials, a SOC is not a specific tool/device which you can simply ‘fit and forget’, so you need lots of patience and hard work to build one. As usual, I’ll be posting step-by-step instructions, from planning to setting up the SOC. But before that we need to learn some basics. We need all of your networking, system administration and security skills for this. As a minimum requirement to start, you need to have the following skills: networking basics (preferably CCNA), basic system administration (Linux and Windows), and security administration (firewall / UTM management). In other words, if you know how to configure networking devices, know how to install packages in Windows and Linux, and know at least how to open and close ports in a firewall, then we’re good to go. I’ve tried my best to write the article from the very basic stuff...

Can you ping a port?

This is one of the top questions I hear at the time of a SIEM implementation. Most (non-technical) people think that, just like doing a ‘ping’ to an IP address, we can ping ports. Honestly, that is not possible. So how can we actually check accessibility to a port? Well, there is a way. But before we jump into it, we need to know a few basics about what a port is, and why we are not able to ping it.

TCP/IP Suite

I hope all of you have already read my blog on OSI layers: http://pentesterblogs.blogspot.in/2016/07/networking-terminologies.html. Today we are going to discuss the TCP/IP suite. When compared with the OSI layers, we can see that a few layers have been merged together in the TCP/IP suite. Just like the OSI layers, the TCP/IP suite is made up of hierarchical protocols which are interactive and are not necessarily interdependent. The OSI model specifically defines the functions of each layer, whereas in the TCP/IP suite these independent protocols can be mixed and matched depending upon the needs of the system. Just as in the OSI model, upper-level layers in the TCP/IP suite are supported by one or more lower-level protocols.

Jumpstart your Wireshark skills

Wireshark essential tutorial. What are we going to do? In this post, we will start learning Wireshark from scratch. I’ll show the menus, filters and many other options. Most people know about Wireshark, but they don’t want to try it, because they simply don’t know how to write filters. My key focus will be on creating filters, not writing them. Yes, it is true that you can make filters without learning the filter parameters. In simple words, you can use Wireshark without touching the keyboard. Those who have Kali Linux already have it in Kali Linux. I’ll be using the 32-bit version of Wireshark. I’ll concentrate on HTTP traffic throughout the tutorial. So let’s start with a little bit of theory.

Brief tutorial on Maltego in KaliLinux

How to run Maltego Chlorine. What is Maltego? Maltego is proprietary software by Paterva, commonly used for open-source intelligence and forensics. It mainly focuses on discovering data from open sources and visualizing that information in a form suitable for link analysis and data mining. The core focus of the application is to analyze real-world relationships between people or groups, and sometimes websites, domains or even networks, internet infrastructure, and connections with online social networking sites. Maltego has gained lots of attention from security researchers, according to the Open Web Application Security Project (OWASP).

Nmaping your network

A short tutorial for using Nmap. I hear a lot of questions like how do we scope assets, or how do I manage my asset inventory. Well, the answer is Nmap. Nmap is quite a handy tool that will allow you to map IP addresses to assets, create an asset inventory, or even run small vulnerability scans. Here we'll talk about how to run an Nmap full scan, an Nmap all-port scan or an Nmap specific-port scan. For all those newbies out there, I’m starting from scratch. As you all know, Nmap means network mapping. This is a small tool which every pentester and network/system administrator must know. Most of my friends complain that Nmap is so vast that they don’t know how to set, or why to set, certain attributes before initiating a scan. To understand the working of Nmap properly, you need to know how a system works in a network. I’m not planning to go into the core basics, but we’ll touch on whatever is essential.

Scanning and Enumeration

Scanning Assets. After the initial reconnaissance, a pentester identifies the target system; as discussed before, the pentester then concentrates on getting a mode of entry into the target system. The scanning phase cannot be limited to intrusion alone. It can be an extended form of reconnaissance where the pentester learns more about the target, like what operating system is being used, what services are being run on the systems, and any configuration lapses, if any can be identified. The pentester can then strategize his/her attack, factoring in these aspects. Footprinting is the first phase of pentesting, in which the pentester gains information about the target, passively or actively. Footprinting alone is not enough for pentesting because it will only give the pentester an overview or primary information about the target. The pentester can use this primary information in the next phase to gather even more in-depth details about the target. This process of gathering in-d...