Honeypots can provide valuable insights into the threat landscape, both on the open internet and inside your internal network. Deploying them correctly is not always straightforward, and neither is interpreting the activity they record.
Writeup for the retired HTB machine Networked
Writeup for the retired HTB machine Jarvis
Writeup for the retired HTB machine Bastion
Writeup for the retired HTB machine Swag Shop
Writeup for the retired HTB machine Writeup
Writeup for the retired HTB machine Luke
Now that we have this fancy lab, a benchmark is needed for the qualitative evaluation of different algorithms and products.
For this I have built a Python 3 based framework with ease of use in mind.
There are various well-known and widely used datasets in academia.
Let's have a look at some of them and their properties. For the final version of my testbench I am using NSL-KDD as well as CICIDS2017.
One Day Builds: Use an ESP8266 to collect sensor data and transmit it to Splunk!
I recently acquired a DHT22 temperature and humidity sensor and thought to myself "gee, it would be awfully nice if I could collect time series data from this sensor".
For my master's thesis I am in need of a well-defined lab environment that is capable of simulating traffic as well as replaying test data.
This is how I built it.
As I have some honeypots and miscellaneous mail accounts that collect spam and malware, I am in need of a secured environment that is capable of running and dynamically analyzing the collected payloads.
There are many commercial services available, e.g. VMRay or Hybrid Analysis, but there is also an open source contender: Cuckoo Sandbox.
As I am building a different approach to IDS from the ground up, I am in need of a proper lab setup.
This post gives a high-level overview to build a basic understanding for future architecture decisions.
It is time for graphs and pictures to better illustrate the architecture of the various things I am building.
So I settled on mermaid, which is a lightweight markdown-like script language for chart generation.
In this post I am presenting the way I set it up with GitHub Pages.
So, you want to do your large-scale intrusion detection on NetFlow records, but how do you get them into a data sink?
Let me tell you about Splunk Stream, the TA (technology add-on) that saved my back during the setup phase.
Until now, we have successfully defined what an Intrusion Detection System is and how it can be categorized.
Now I have to say, I am a really lazy person, as many computer science people are.
I like to leave the heavy lifting and processing to machines that are really good and efficient at this task.
That's where machine learning comes into play.
Interconnected computer systems have an ever-increasing importance in our modern lives.
As these networks grow in complexity, human-based monitoring of activity is unlikely to find malicious behaviour.
Therefore it can be beneficial to add another layer of defense to the system, after authentication and authorization, to ensure that possible intrusions are detected and reported.
As [Wang2017] and [Lee1998] state, IDS detection can be classified as either signature-based or anomaly-based.
If you need a little primer on intrusion detection systems, read my post on defining IDS in the wild.
Hi there! I'm Mat and I like to do things.
I dabble in IT Sec, SOAR, Malware Analysis, OSINT, CTFs and whatever I find interesting at the moment.