Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Introduction In my previous posts, I walked through installing Wazuh, deploying agents, and demonstrating core capabilities like file integrity monitoring and malware detection on a Windows endpoint. In this final installment, I’ll showcase a few additional key capabilities of Wazuh on Windows, including security configuration assessments, active response, log analysis, and system inventory tracking. These…
Introduction In my previous posts, I demonstrated the capabilities of Wazuh for monitoring and protecting an Ubuntu endpoint, including detecting malware, analyzing system calls, assessing configurations, and more. This time, I will be replicating some use cases and proof of concept on a Windows endpoint. In this post, I’ll walk through practical examples of using…
Introduction In my last post, I walked through practical examples of Wazuh capabilities including monitoring Docker events, NIDS integration, and malware detection using Yara and VirusTotal Integration. Now I’ll explore additional key features of the Wazuh agent including monitoring system calls, Security Configuration Assessment, taking active response, maintaining a system inventory, and leveraging osquery. System…
In my last post, I began demonstrating Wazuh’s security capabilities on an Ubuntu endpoint. I showed features like file integrity monitoring and active response in action. In this post, I continue to re-create and explore practical examples of Wazuh as a tool for monitoring Docker events, integrating network-based IDS, detecting and removing malware, and many…
This is part 4 of my journey in exploring Wazuh as an endpoint monitoring and protection tool. In my previous posts, I introduced Wazuh’s components and capabilities, built my lab environment using the Quickstart guide, and configured the server. I also deployed agents to my Ubuntu and Windows VMs. With my environment set up, I am…
Welcome to part 3 of my journey in exploring Wazuh. In my previous blogs, I introduced Wazuh and its capabilities then walked through how easily it can be installed and configured. Now in this part, it’s time to deploy agents and start monitoring. Deploying Wazuh Agents For this blog, I will be deploying agents in…
Welcome to part 2 of my journey in exploring Wazuh to gain a semblance of real-life experience in using an enterprise-grade security monitoring platform. In the first part, I delved into a brief introduction about Wazuh, its components and capabilities as an open source security monitoring platform that provides threat detection, integrity monitoring, incident response…
In today’s rapidly evolving digital landscape, securing sensitive data and networks has become paramount. Among the arsenal of tools designed to fortify these defenses, Wazuh emerges as a robust and versatile solution. TryHackMe briefly introduced Wazuh in a separate room within the Endpoint Security Monitoring Module, which is part of their learning path to SOC…
In this blog, I will be installing, configuring, and exploring Snort. This is the second installment of my first home lab setup with Snort. Here’s a summary of what I have done in this lab project. Note: All the scripts I utilized can be found on my Github page. Disclosure: The scripts are generated with the…
After completing TryHackMe’s module on Network Security and Traffic Analysis, I wanted to delve more into how to install and configure Snort, and play around with it. In this post, I will be covering how I set up my home lab, with the steps I took to download, install, and configure the machines. This setup…