MalwareLab<p>During the <a href="https://infosec.exchange/tags/SharkBytes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SharkBytes</span></a> session at <a href="https://infosec.exchange/tags/SharkFest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SharkFest</span></a> conference I had an opportunity to present a lightning talk about my pet project called IDS Lab.<br>It is a lab infrastructure deployable as docker containers, which simulates the small company network.</p><p>The IDS Lab consists of web webserver with <a href="https://infosec.exchange/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wordpress</span></a>, <a href="https://infosec.exchange/tags/MySQL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MySQL</span></a> database, <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> desktop with RDP, the <a href="https://infosec.exchange/tags/WireGuard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WireGuard</span></a> VPN for "remote" workers and for connecting another virtual or physical machines into the lab network.<br>This part of infrastructure can be used for attack simulations.</p><p>There are additional components for playing with logs and detections, too: <a href="https://infosec.exchange/tags/Fluentbit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fluentbit</span></a>, <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suricata</span></a> and <a href="https://infosec.exchange/tags/OpenObserve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenObserve</span></a> as lightweight SIEM. </p><p>In the <a href="https://infosec.exchange/tags/SIEM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SIEM</span></a> we already have preconfgured dashboards for alerts, netflows, web logs and logs from windows machines, if present.</p><p>Using the provided setup script, the whole lab can be up and running in up to 5 minutes. For more info, please check my GitHub repository with the IDS Lab:</p><p><a href="https://github.com/SecurityDungeon/ids-lab/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/SecurityDungeon/ids</span><span class="invisible">-lab/</span></a></p><p><a href="https://infosec.exchange/tags/sf24eu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sf24eu</span></a> <a href="https://infosec.exchange/tags/wireshark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wireshark</span></a> <span class="h-card" translate="no"><a href="https://ioc.exchange/@wireshark" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>wireshark</span></a></span></p>
Recent searches
No recent searches
Search options
Not available on handmade.social.
handmade.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
handmade.social is for all handmade artisans to create accounts for their Etsy and other handmade business shops.
Administered by:
Server stats:
35active users
handmade.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#sharkfest
0 posts · 0 participants · 0 posts today
MalwareLab<p>Today training about <a href="https://infosec.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatHunting</span></a> with <a href="https://infosec.exchange/tags/Wireshark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wireshark</span></a> by Chris Greer was very good. Great selection of pcaps from various stages of the cyber attacks inspired us to ask questions and discuss together in depth details and anomalies hidden in the packets.<br>Also the private room on <a href="https://infosec.exchange/tags/Tryhackme" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tryhackme</span></a> platform works great. It is nice to see our progress during the course and receive the instant feedback. </p><p>To be humble, I do not know Chris before this training and I was not really sure what to expect from today (I originally registered for the different Threat Hunting training, which was later replaced by this one). But now I can really recommend Chris and his training to everyone interested in packet analysis and network intrusions. Good job and thank you. </p><p><a href="https://infosec.exchange/tags/sharkfest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sharkfest</span></a> <a href="https://infosec.exchange/tags/sf24eu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sf24eu</span></a> <span class="h-card" translate="no"><a href="https://ioc.exchange/@wireshark" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>wireshark</span></a></span> </p><p>RE: <a href="https://ioc.exchange/@wireshark/113424145382124393" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ioc.exchange/@wireshark/113424</span><span class="invisible">145382124393</span></a></p>
SearchLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload