Cyber Security Architect

How to detect a cyber attack or a threat

Hi Medium! Here we are again with a new article. Today we will talk about advanced threat detection and the several methods used in defense, as follows:

  1. Threat Detection Concept
  2. How We Can Detect Threats

1. Threat Detection Team

Facing different attacks is not an easy job; the threat detection team needs to act in a fast and efficient way when a hacker has slipped past their defenses. Threat detection is where the security people who work within an organization identify “known” and “unknown” (sophisticated) attacks. …



Hi Medium! Here we are again with a new article. I was asked by a friend, in my last article about Enumeration, to provide a breakdown of the SMTP technique.

In this article, we will go through different tools and techniques that should be known to retrieve information about your target.

+ SMTP technique:

In this part I will provide some different techniques of SMTP Enumeration. First, I want to give some details about the important commands that we will need to know.

SMTP provides 3 built-in commands:
— VRFY: validates users.
— EXPN: tells the actual delivery addresses of aliases and mailing…



Proxy types and how they work

Hello Medium!! I always missed understanding the way proxies are used; the definition is so simple, but people still misunderstand how they are used, and each time they made me unsure of the knowledge I have. So once and for all we will go together through all the proxy types and understand how they are used. And if anyone judges your knowledge, send them this article.

At first, I thought that proxies were difficult to understand, and I didn’t even imagine that I would handle them one day, and to be honest, after my research I…



Hi Medium! Here we are again with a new article. Today we will share a small tutorial where we will implement the OSSIM solution, so we will talk about:

Introduction
2.1 Work environment
2.1.1 Hardware environment
2.1.2 Software environment
2.2 Implementation and test
Conclusion

Introduction

In this chapter, we present the implementation part of our platform. We begin by presenting the work environment and the tools used. The last part of this chapter will be devoted to testing the proper functioning of our solution and its hosting.

2.1 Work environment

The work environment consists of two parts named hardware…



SOC technology and Best Practice

Hi Medium! Here we are again with a new article. Today we will talk about SOC technology and Best Practice. We are going to discover:

+ What is SOC?
+ Why is SOC Important?
+ SOC Management
+ Best Practice
+ Conclusion

1- What is SOC?

SOC (Security Operations Center) is a division within a security cell which ensures the security of the organization at technical and organizational levels. …



TLS Overview

Hi Medium! Here we are again with a new article. Today we will give a TLS overview, as follows:

1. Confidentiality
2. Integrity
3. Availability
4. Defence in Depth
5. Symmetric encryption
6. Asymmetric encryption
7. Cryptographic Hash function
8. Man In The Middle (MITM)
9. Transport Layer Security
10. Banking Malware That Uses TLS

Introduction

Security is very critical for enterprises and organizations of all sizes and in all industries. Information security is a set of processes, tools, policies, and implemented systems against internal and external attacks that can damage or stop the services offered by an organization. …



Enumeration

Hi Medium! This is the Enumeration part.
In this chapter we are going to discover the following topics:

  • Introduction
  • Why Enumeration?
  • Enumeration techniques
  • Enumeration Tools on Linux and Windows
  • Summary

Introduction

The most important phase before attacking a target is “Reconnaissance”. The more effort the attacker puts in during this phase, the more likely the attack succeeds. Before the weaponization phase (gaining access) there are 4 phases in reconnaissance:

  1. Footprinting
  2. Scanning
  3. Enumeration
  4. Vulnerability assessment.

During the enumeration phase, the attacker creates an active connection with the target and tries to gain information about it; these pieces of information will help…



Configuring Rsyslog with TLS (sending log files)

Hi Medium! Here we are again with a new article. Today we will share a small tutorial covering all the steps needed to configure Rsyslog and to create certificates:

1. Rsyslog
2. TLS
3. Software needed
4. Configuration
Summary
Read more

1. Rsyslog

Rsyslog is open source software that works on Unix. Rsyslog helps to send messages over an IP network; it is based on the Syslog protocol, can help to filter traffic, and offers flexible configuration.

2. TLS

Transport Layer Security is a cryptographic protocol that provides a secure connection over a computer network. “Several versions of the protocols…



Use Threat Intelligence and Python Scripts In Malware Detection

[4min Reading]

Hi Medium! Here we are again with a new article. Today we will talk about advanced threat detection using threat intelligence and dedicated Python scripts, as follows:

  1. Threat Intelligence definition
  2. Blacklisted IP
  3. Blacklisted Domain
  4. Blacklisted Certificate

1. Threat Intelligence definition

Intelligence, as defined by Edward Waltz, is “the information and knowledge about an adversary obtained through observation, investigation, analysis, or understanding, is the product that provides battlespace awareness”.

Intelligence is the collecting and processing of information about a competitive entity and its agents, needed by an organization or group for its security and well-being. (from Bimfort’s definition)

Intelligence is defined by…



SIEM Technology

Hi Medium, here we are again with a new article. Today we will talk about SIEM technology and its importance in any environment:

+ What is SIEM?
+ Why is SIEM Important?
+ The Essential SIEM Tools
+ 8 Best SIEM Tools
+ 4 Best Open Source SIEM
+ Conclusion

+ What is SIEM?

SIEM is security event/log management; its basic capabilities are log collection, normalization, notifications and alerts, security incident detection, and threat response workflow.

SIEM records data from users’ internal networks (network, devices, servers, and firewalls) and identifies potential attacks.

All that collected information is passed to a…
