  • What are Honeypots and why do I want them?

    Honeypots can provide valuable insights into the threat landscape, both in the open internet as well as your internal network. Deploying them right is not always straightforward, just like interpreting any activity on them.

  • HTB - Networked

    Writeup for the retired HTB machine Networked
    Link: https://www.hackthebox.eu/home/machines/profile/203

  • HTB - Jarvis

    Writeup for the retired HTB machine Jarvis
    Link: https://www.hackthebox.eu/home/machines/profile/194

  • HTB - Bastion

    Writeup for the retired HTB machine Bastion
    Link: https://www.hackthebox.eu/home/machines/profile/186

  • HTB - Swag Shop

    Writeup for the retired HTB machine Swag Shop
    Link: https://www.hackthebox.eu/home/machines/profile/188

  • HTB - Writeup

    Writeup for the retired HTB machine Writeup
    Link: https://www.hackthebox.eu/home/machines/profile/192

  • HTB - Luke

    Writeup for the retired HTB machine Luke
    Link: https://www.hackthebox.eu/home/machines/profile/190

  • Benchmark Basics

    Now that we have this fancy lab, a benchmark is needed for qualitative evaluation of different algorithms and products.
    For this, I’ve built a Python 3-based framework for ease of use.

  • Datasets

    There are various well-known and widely used datasets in academia.
    Let’s have a look at some of them and their properties. For the final version of my testbench I am using NSL-KDD as well as CICIDS2017.

  • ESP8266 POSTing sensor data to Splunk HEC

    One Day Builds: Use an ESP8266 to collect sensor data and transmit it to Splunk!
    I recently acquired a DHT22 temperature and humidity sensor and thought to myself “gee, it would be awfully nice if I could collect time series data from this sensor”.
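    The wire-level exchange behind that build is the Splunk HTTP Event Collector (HEC): a POST to /services/collector/event carrying an Authorization: Splunk <token> header and a JSON body with time, host, sourcetype and the event itself. The example below is added here and is not the post's firmware; it builds that request in Python and talks to an in-process stand-in collector so it runs offline. The token, host name, sourcetype and the sample reading are assumptions, and the stand-in only mimics HEC's Success / Invalid token replies.

```python
"""Added example (not the post's own code): a Splunk HEC event POST for a
DHT22 reading, plus a minimal stand-in collector so the exchange runs offline."""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

HEC_TOKEN = "00000000-0000-0000-0000-000000000000"  # assumed placeholder, not a real token


def build_hec_event(temp_c, humidity, ts, host="esp8266-01", sourcetype="dht22:json"):
    """Body for HEC's /services/collector/event endpoint (host/sourcetype are assumed names)."""
    return {
        "time": ts,                     # epoch seconds; HEC indexes the event at this time
        "host": host,
        "source": "dht22",
        "sourcetype": sourcetype,
        "event": {"temp_c": temp_c, "humidity": humidity},
    }


def post_event(url, token, body):
    """POST one event the way the ESP8266 would; returns (HTTP status, parsed reply)."""
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status, json.loads(resp.read())


class FakeHEC(BaseHTTPRequestHandler):
    """Stand-in collector: checks the token and acknowledges like real HEC does."""
    received = []

    def do_POST(self):
        if self.headers.get("Authorization") != f"Splunk {HEC_TOKEN}":
            self._reply(403, {"text": "Invalid token", "code": 4})
            return
        body = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        FakeHEC.received.append(body)
        self._reply(200, {"text": "Success", "code": 0})

    def _reply(self, status, payload):
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo():
    """Run the exchange once with a valid and once with a wrong token."""
    srv = HTTPServer(("127.0.0.1", 0), FakeHEC)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{srv.server_address[1]}/services/collector/event"
    reading = build_hec_event(22.4, 41.0, 1566400000)  # constructed sample reading
    try:
        status, reply = post_event(url, HEC_TOKEN, reading)
        try:
            post_event(url, "wrong-token", reading)
            rejected = None
        except urllib.error.HTTPError as e:
            rejected = e.code  # HEC answers 403 with code 4 for a bad token
    finally:
        srv.shutdown()
        srv.server_close()
    return status, reply["code"], rejected, FakeHEC.received[-1]["event"]


if __name__ == "__main__":
    print(demo())
```

    On the device the same request is sent with the ESP8266 HTTP client; the part worth getting right is the Authorization header and the event envelope, since a missing or wrong token is rejected before the event is looked at.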

  • Master Netflow Lab

    For my master’s thesis I need a well-defined lab environment that is capable of simulating traffic as well as running on test data.
    This is how I built it.

  • Building a Cuckoo Sandbox on ESXi

    Since I run some honeypots and miscellaneous mail accounts that collect spam and malware, I need a secured environment that is capable of running and dynamically analyzing the collected payloads.
    There are many commercial services available, e.g. VMRay or Hybrid Analysis, but there is also an open source contender: Cuckoo Sandbox.

  • Lab Overview

    As I am building a different approach to IDS from the ground up, I need a proper lab setup.
    This post gives a high-level overview to nurture a basic understanding of future architecture decisions.

  • Mermaid

    It is time for graphs and pictures to better illustrate the architecture of the various things I am building.
    So I settled on mermaid, which is a lightweight markdown-like script language for chart generation.
    In this post I show you how I set it up with GitHub Pages.

  • Splunk and Netflows

    So, you want to do your large-scale intrusion detection on netflows - but how do you get them into a data sink?
    Let me tell you about Splunk Stream, the TA that saved my back during the prolonged setup phase.

  • Machine Learning Basics

    Until now, we have successfully defined what an Intrusion Detection System is and how it can be categorized.
    Now I have to say, I am a really lazy person, as many Computer Science people are.
    I like to leave the heavy lifting and processing to machines that are really good and efficient at this task.
    That’s where Machine Learning comes into play.

  • What are Intrusion Detection Systems?

    Interconnected computer systems have an ever-increasing importance in our modern lives.
    As these networks grow in complexity, manual monitoring of activity is unlikely to find malicious behaviour.
    Therefore it can be beneficial to add another layer of defense into the system, after authentication and authorization, to ensure that possible intrusions are detected and reported.

  • Signature vs anomaly-based detection

    As [Wang2017] and [Lee1998] state, IDS detection can be classified either as signature-based or anomaly-based detection.
    If you need a little primer on intrusion detection systems, read my post on defining IDS in the wild.
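    To make the two classes concrete, here is an added example (not the post's own code, and not taken from [Wang2017] or [Lee1998]): a signature-based detector and an anomaly-based detector run over the same constructed set of flow records. The flow records, the two signatures, the port-fan-out baseline and the 3-sigma threshold are all assumptions chosen for the illustration. It also shows the usual trade-off: the SQL injection attempt is caught by a signature but looks statistically normal, while the port scan carries no payload to match yet stands out from the baseline.

```python
"""Added illustration (not the post's code): signature-based versus anomaly-based
detection over the same constructed flow records."""
import re
import statistics
from collections import defaultdict

# Constructed sample flows: (src, dst, dport, bytes, payload snippet). Not real traffic.
FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.10", "dport": 80,  "bytes": 1200, "payload": "GET /index.html HTTP/1.1"},
    {"src": "10.0.0.5", "dst": "10.0.0.10", "dport": 443, "bytes": 5300, "payload": ""},
    # SQL injection attempt: single port, normal volume, but a telltale payload
    {"src": "10.0.0.9", "dst": "10.0.0.10", "dport": 80,  "bytes": 900,
     "payload": "GET /index.php?id=1 UNION SELECT 1,2,3 HTTP/1.1"},
    # SYN scan: no payload at all, but many distinct ports from one source
] + [
    {"src": "10.0.0.7", "dst": "10.0.0.10", "dport": p, "bytes": 60, "payload": ""}
    for p in (21, 22, 23, 25, 80, 110, 143, 443)
]

# Signature-based: known bad patterns, matched verbatim against payloads.
SIGNATURES = [
    ("sqli-union-select", re.compile(r"union\s+select", re.I)),
    ("php-webshell-cmd", re.compile(r"[?&]cmd=", re.I)),
]

# Anomaly-based: a baseline of distinct destination ports per source, as observed
# in "clean" traffic. Assumed values for the illustration.
BASELINE_FANOUT = [2, 3, 2, 3, 2, 2, 3, 4, 3, 2]


def signature_detect(flows):
    """Return (src, signature name) for every flow whose payload matches a signature."""
    hits = []
    for f in flows:
        for name, pat in SIGNATURES:
            if pat.search(f["payload"]):
                hits.append((f["src"], name))
    return hits


def port_fanout(flows):
    """Number of distinct destination ports each source talked to."""
    ports = defaultdict(set)
    for f in flows:
        ports[f["src"]].add(f["dport"])
    return {src: len(p) for src, p in ports.items()}


def anomaly_detect(flows, baseline, threshold=3.0):
    """Flag sources whose fan-out is more than `threshold` standard deviations above the baseline mean."""
    mu = statistics.mean(baseline)
    sigma = statistics.stdev(baseline)
    return sorted(src for src, n in port_fanout(flows).items() if (n - mu) / sigma > threshold)


if __name__ == "__main__":
    print("signature hits:", signature_detect(FLOWS))
    print("anomalous sources:", anomaly_detect(FLOWS, BASELINE_FANOUT))
```

    Neither detector alone covers both events, which is the practical reason most deployments combine signature matching for known attacks with an anomaly model for the unknown ones, at the price of the false positives an anomaly model produces when the baseline drifts.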

  • Welcome

    Hi there! I’m Mat and I like to do things.
    I dabble in IT Sec, SOAR, Malware Analysis, OSINT, CTFs and whatever I find interesting at the moment.

