Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
After completing TryHackMe’s module on Network Security and Traffic Analysis, I wanted to delve more into how to install and configure Snort, and play around with it. In this post, I will be covering how I set up my home lab, with the steps I took to download, install, and configure the machines. This setup…
Snort Challenge – Live Attacks | TryHackMe Task 1: Introduction So far, we have been only detecting alerts with the rules that we have created. In this room, we are going to stop malicious activities from exploiting a host. If you have not completed the other Snort rooms, it is highly suggested that you complete…
Put your Snort skills into practice and write Snort rules to analyse live and captured network traffic. Task 1: Introduction The room invites you to a challenge to investigate a series of traffic data and stop malicious activity under two different scenarios. Let’s start working with Snort to analyse live and captured traffic. We recommend completing the…
Snort is an open-source, rule-based Network Intrusion Detection and Prevention System (NIDS/NIPS). It was developed by Martin Roesch and is still maintained by him, open-source contributors, and the Cisco Talos team. The official description: “Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious…
Learn how to use NetworkMiner to analyse recorded traffic files and practice network forensics activities. NetworkMiner is an open-source traffic sniffer, pcap handler and protocol analyser, developed and still maintained by Netresec. The official description: “NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS…
Put your Zeek skills into practice and analyse network traffic. The room invites you to a challenge to investigate a series of traffic data and stop malicious activity under different scenarios. Let’s start working with Zeek to analyse the captured traffic. We recommend completing the Zeek room first, which will teach you how to use the…
Introduction to hands-on network monitoring and threat detection with Zeek (formerly Bro). Link: https://tryhackme.com/room/zeekbro Zeek (formerly Bro) is an open-source and commercial network monitoring tool (traffic analyser). The official description: “Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open-source, and powered by defenders.” “Zeek is a passive, open-source network traffic…
Practice analyzing malicious traffic using Brim. Link: https://tryhackme.com/room/mastermindsxlq “Note: Before attempting this room, it is highly recommended that you complete the Zeek and Brim rooms. Those mentioned rooms cover basic security concepts and processing Zeek log files, which will help you navigate this room effectively.” “Three machines in the Finance department at Pfeffer PLC were…
Learn and practice log investigation, pcap analysis and threat hunting with Brim. Link: https://tryhackme.com/room/brim “BRIM is an open-source desktop application that processes pcap files and log files. Its primary focus is providing search and analytics. In this room, you will learn how to use Brim, process pcap files and investigate log files to find the…
Learn the basics of traffic analysis with Wireshark and how to find anomalies on your network! Link: https://tryhackme.com/room/wiresharkpacketoperations “In this room, we will cover the techniques and key points of traffic analysis with Wireshark and detect suspicious activities. Note that this is the third and last room of the Wireshark room trio, and it is…