Hi Medium! Here we are again with a new article, today we will talk about advanced threat detection and the several methods used in defense as follows:
Facing different attacks is not an easy job, the threat detection team need to act in a fast and efficient way when a hacker slipped past their defenses. Threat detection is where the security guys that work within an organization identify “known” and “unknown” attacks (sophisticated ones). …
Hi Medium! Here we are again with a new article, I was asked by a friend in my last article about Enumeration to provide a breakout on the SMTP technique.
In this article, we will go through different tools and techniques that should be known to retrieve information about your target.
In this part I will provide some different techniques of SMTP Enumeration, first I want to give some details about the important commands that we will need to know.
SMTP provides 3 built-in-commands:
— VRFY: means validates users.
— EXPN: Tells the actual delivery addresses of aliases and mailing lists.
— RCPT TO: Defines the recipients of the message.
Those different response commands can determine if the user is valid or not, also there are more commands that the SMTP server use but we will need only those for now to enumerate. …
Hello Medium!! I always missed understanding the way proxies are used, however, the definition is so simple but people still miss understand how they are used and each time they made me unsure of the knowledge I have. So once and for all we will go together through all the proxy types and we will understand how they are used. And if anyone judges your knowledge send him that article.
At first, I thought that proxies are difficult to understand and I didn’t even imagine that I will handle them one day and to be honest after my research I just find out that they are so easy to understand, in this article we will go through the following…
Hi Medium! Here we are again with a new article, today we will share a small tutorial where we will implement the OSSIM solution, so we will talk about :
2.1 Work environment
2.1.1 Hardware environment
2.1.2 Software environment
2.2 Implementation and test
In this chapter, we present the realization part of our platform. We begin by presenting the work environment and the tools used. The last part of this chapter will be devoted to testing the proper functioning of our solution and its hosting.
2.1 Work environment
The work environment consists of two parts named hardware environment and software…
Hi Medium! Here we are again with a new article, today we will talk about SOC technology and Best Practice. We are going to discover :
+ What is SOC?
+ Why is SOC Important?
+ SOC Management
+ Best Practice
SOC (Security Operation Center), is a division within a security cell, which ensure the security of the organization, at technical and organizational levels. …
Hi Medium! Here we are again with a new article, today we will talk about TLS Overview as follow:
4. Defence in Depth
5. Symmetric encryption
6. Asymmetric encryption
7. Cryptographic Hash function
8. Man In The Middle (MITM)
9. Transport Layer Security
10. Banking Malware That Uses TLS
Security is very critical for enterprises and organizations of all sizes and in all industries. Information security is a set of processes, tools, policies, and implemented systems against internal and external attacks that can damage or stop the services offered by an organization. …
Hi Medium! This is the Enumeration part.
In this chapter we are going to discover the following topics:
The most important phase before attacking a target is “Reconnaissance”.The more effort the attacker put in during this phase the more likely he guarantee the attack success. Before the weaponization phase (gaining access) there are 4 phases in reconnaissance:
During the enumeration phase, the attacker creates an active connection with the target and tries to gain information about it, these pieces of information will help him to identify a system attack point that will help to accomplish the vulnerability assessment phase. …
Hi Medium! Here we are again with a new article, today we will share a small tutorial where we will talk about all the steps that we need to configure Rsyslog and to create certificates:
3. Software needed
Rsyslog is an Open Source software work on Unix, Rsyslog helps to send messages over IP network, it’s based on Syslog protocol, and can help to filter traffic and flexible configuration.
Transport Layer Security is a cryptographic protocol that provides a secure connection over a computer network, “ Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers. …
Hi Medium! Here we are again with a new article, today we will talk about advanced threat detection using threat intelligence and well-dedicated scripts using python as follow:
Intelligence, as defined by Edward Waltz, is “the information and knowledge about an adversary obtained through observation, investigation, analysis, or understanding, is the product that provides battlespace awareness”.
Intelligence is the collecting and processing of information about a competitive entity and its agents, needed by an organization or group for its security and well-being. (from Bimfort’s definition)
Intelligence is defined by Robert Clark as being actionable information. …
Hi Medium, here we are again with a new article, today we will talk about SIEM technology and it’s importance in any environment:
+ What is SIEM?
+ Why is SIEM Important?
+ The Essential SIEM Tools
+ 8 Best SIEM Tools
+ 4 Best Open Source SIEM
SIEM is a security event/log management, SIEM basic capabilities are log collection, normalization, notifications and alerts, security Incident Detection, and Threat response workflow.
SIEM records data from users’ internal networks (network, devices, servers, and firewalls) and identifies potential issues of attacks.
All those collected information passed to a management console where it can be analyzed to ensure that vulnerabilities between cybersecurity tools can be monitored and addressed. …