subscribe via RSS
-
How to Open Source Your Project (II)
In part 2 of the OSS howto series, we take a look at Community, Collaboration, and Context (read part 1 here).
continue reading -
How to Open Source Your Project (I)
Transitioning a project from private to public development means more than just changing the visibility of the GitHub repositories. In part 1, we take a look at how your product and your team should guide your decisions.
continue reading -
Honeypot Data Visualization & Automation
After we’ve taken a look at deploying honeypots and collecting their data, the next logical step is to visualize the plethora of collected logs.
continue reading -
Honeypot Deployment and Customization
Deploying Honeypots right is not always straightforward and leaves plenty of room for mistakes. Join me for a while to learn about deployment and customization of Honeypots.
continue reading -
My Python Testing Best Practices
As someone who has been using Python professionally in the younger past, I found some best practices regarding testing and project setup that work well for me. Today I’d like to share them with you.
continue reading -
picoCTF 2019 - General Skills
The picoCTF 2019 contained multiple challenges in the “General” category. As most of these were rather short, they are documented in a collective post rather than single ones.
continue reading -
What are Honeypots and why do I want them?
Honeypots can provide valuable insights into the threat landscape, both in the open internet as well as your internal network. Deploying them right is not always straightforward, just like interpreting any activity on them.
continue reading -
HTB - Networked
Writeup for the retired HTB machine Networked
continue reading
Link: https://www.hackthebox.eu/home/machines/profile/203
IP: 10.10.10.146 -
HTB - Jarvis
Writeup for the retired HTB machine Jarvis
continue reading
Link: https://www.hackthebox.eu/home/machines/profile/194
IP: 10.10.10.143 -
HTB - Bastion
Writeup for the retired HTB machine Bastion
continue reading
Link: https://www.hackthebox.eu/home/machines/profile/186
IP: 10.10.10.134 -
HTB - Swag Shop
Writeup for the retired HTB machine Swag Shop
continue reading
Link: hhttps://www.hackthebox.eu/home/machines/profile/188
IP: 10.10.10.140 -
HTB - Writeup
Writeup for the retired HTB machine Writeup
continue reading
Link: https://www.hackthebox.eu/home/machines/profile/192
IP: 10.10.10.138 -
HTB - Luke
Writeup for the retired HTB machine Luke
continue reading
Link: https://www.hackthebox.eu/home/machines/profile/190
IP: 10.10.10.137 -
Benchmark Basics
Now that we have this fancy lab, a benchmark is needed for qualitative evaluation of different algorithms and products.
continue reading
For this, I’ve built a Python 3-based framework for ease of use. -
Datasets
There are various well known and well used datasets that are used in academia.
continue reading
Let’s have a look at some of them and their properties. For the final version of my testbench I am using NSL-KDD as well as CICIDS2017. -
ESP8266 POSTing sensor data to Splunk HEC
One Day Builds: Use an ESP8266 to collect sensor data and transmit these to Splunk!
continue reading
I recently acquired a DHT22 temperature and humidity sensor and though to myself “gee, it would be awfully nice if I could collect time series data of this sensor”. -
Master Netflow Lab
For the matter of my masters’ thesis I am in need of a well defined lab environment that is capabale of simulating traffic as well as running on test data.
continue reading
This is how I built it. -
Building a Cuckoo Sandbox on ESXi
As there are some honeypots and miscellaneous mail accounts that collect spam and malware, I am in need of a secured environment that is capable of running and dynamically analyzing the collected payloads.
continue reading
There are many commercial services available, i.e. vmray or Hybrid Analysis, but there is also an Open Source contestor: Cuckoo Sandbox -
Lab Overview
As I am building a different approach to IDS from the bottom, I am in need of a proper lab setup.
continue reading
This post outlines a high level overview to nuture a basic understanding of future architecture decisions. -
Mermaid
It is time for graphs and pictures to better illustrate the archtitecture of various stuff I am bulding.
continue reading
So I settled on mermaid, wich is a lightweight markdown-like script language for chart generation.
In this post I am presenting you the way I set it up with Github Pages. -
Splunk and Netflows
So, you want to do your large scale intrusion detection on netflows - but how do you get them in a datasink?
continue reading
Let me tell you about Splunk Stream, the TA that saved my prolonged back in the setup phase. -
Machine Learning Basics
Until now, we have successfully defined what an Intrusion Detection System is and how it can be categorized.
continue reading
Now I have to say, I am a really lazy person, as many Computer Science people are.
I like to leave the heavy lifting and processing to machines that are really good and efficient at this task.
That’s where Machine Learning comes into play. -
What are Intrusion Detection Systems?
Interconnected computer systems have an ever increasing importance in our modern lives.
continue reading
As these networks grow in complexity, human-based monitoring of activities is unlikely to find malicious activity.
Therefore it can be beneficent to add another layer of defense into the system after authorization and authentication to ensure that possible intrusions are detected and reported. -
Signature vs anomaly-based detection
As [Wang2017] and [Lee1998] state, IDS detection can be classified either as signature-based or anomaly-based detection.
continue reading
If you need a little primer on intrusion detection systems, read my post on defining IDS in the wild. -
Welcome
Hi there! I’m Mat and I like to do things.
continue reading
I dabble in IT Sec, SOAR, Malware Analysis, OSINT, CTFs and whatever I find interesting at the moment.