Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.

This is part 4 of my journey in exploring Wazuh as an endpoint monitoring and protection tool. In my previous posts, I introduced Wazuh’s components and capabilities, built my lab environment using the Quickstart guide, and configured the server. I also deployed agents to my Ubuntu and Windows VMs. With my environment set up, I am…

Welcome to part 3 of my journey in exploring Wazuh. In my previous blogs, I introduced Wazuh and its capabilities then walked through how easily it can be installed and configured. Now in this part, it’s time to deploy agents and start monitoring. Deploying Wazuh Agents For this blog, I will be deploying agents in…

Welcome to part 2 of my journey in exploring Wazuh to gain a semblance of real-life experience in using an enterprise-grade security monitoring platform. In the first part, I delved into a brief introduction about Wazuh, its components and capabilities as an open source security monitoring platform that provides threat detection, integrity monitoring, incident response…

In today’s rapidly evolving digital landscape, securing sensitive data and networks has become paramount. Among the arsenal of tools designed to fortify these defenses, Wazuh emerges as a robust and versatile solution. TryHackMe briefly introduced Wazuh in a separate room within the Endpoint Security Monitoring Module, which is part of their learning path to SOC…

This is my write-up on TryHackMe’s Sysmon room. Task 1: Introduction It is highly recommended that the Windows Event Log room be completed before attempting this room, as the foundational knowledge on windows events will help us navigate this room. In addition, we will be utilizing the tools we learned in the room. Moving on,…

In this blog, I will be installing, configuring, and exploring Snort. This is the second installment of my first home lab setup with Snort. Here’s a summary of what I have done in this lab project. Note: All the scripts I utilized can be found on my GitHub page. Disclosure: The scripts are generated with the…

Snort Challenge – Live Attacks | TryHackMe Task 1: Introduction So far, we have been only detecting alerts with the rules that we have created. In this room, we are going to stop malicious activities from exploiting a host. If you have not completed the other Snort rooms, it is highly suggested that you complete…

Put your Snort skills into practice and write Snort rules to analyse live and captured network traffic. Task 1: Introduction The room invites you to a challenge to investigate a series of traffic data and stop malicious activity under two different scenarios. Let’s start working with Snort to analyse live and captured traffic. We recommend completing the…

SNORT is an open-source, rule-based Network Intrusion Detection and Prevention System (NIDS/NIPS). It was developed and is still maintained by Martin Roesch, open-source contributors, and the Cisco Talos team. The official description: “Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious…

Learn how to use NetworkMiner to analyse recorded traffic files and practice network forensics activities. NetworkMiner is an open-source traffic sniffer, pcap handler and protocol analyser, developed and still maintained by Netresec. The official description: “NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS…