Investigating Cyber Attacks With Snort | TryHackMe Snort Challenge -- Live Attacks
Рет қаралды 16,307
@jamilshekinski 11 ай бұрын
Thank You Motasem!! And yes, please do some more Snort walkthroughs. It's been hardest for me so far in SOC T1 path.
@ahmedJm1 3 ай бұрын
been watching the snort vids thanks for your help and guidance.
@davidmohan2698 2 жыл бұрын
How do you justify it being SSH. It could be port 80 because its the same two ip addresses back and forth so where do you come to the conclusion its just browsing? Could be brute force on login page. Please can you explain more clearly. There are more packets from port 80 than port 22. If there are multiple ip addresses visiting that port you could class that as browsing because a lot of people visit that page.
@Eddy-f4r6e Жыл бұрын
I think you can just check both.
@scottp8329 2 жыл бұрын
loving the vid's really helping me 🤙🏼
@johnpaulramelo6100 Жыл бұрын
May i ask if we can have a copy of your snort commands ? just the snort only hehe or maybe we can purchase? thanks.
@zero-ib1jd 11 ай бұрын
Wonderful video thanks!
@aslammap Жыл бұрын
THIS IS GREAT THANK YOU
@darttrapdoor9842 9 ай бұрын
In production, this is not a great rule. Yes, it gets you the flag (which is all that counts) but if there is a legit ssh server then blocking all traffic to it is effectively a DOS. better to write a more targetted rule for the source and desitnation.
@zedhacking 9 ай бұрын
thats write ! like this rule maybe drop tcp 10.10.245.36 any -> any 22 (msg: " Stop the attacker SSH " ; sid: 1000001; rev:1; )
@austynstephens9263 Жыл бұрын
Thanks for the support
@AboodSpiN Жыл бұрын
Thank you so much brother!!! amazing explanation, please don't mind me asking, do you look at the malicious port regardless if its from our IP port or destination IP port?
@siddhant2943 2 жыл бұрын
I got the flag in first attempt. But I didn't read the whole logs. Seeing that many http requests on port 80 I thought its obviously tcp/80.
@barood3 Жыл бұрын
thanks motaism , where I can find your note .. give me the name in your website , its in Special Courses Catalog or Cybersecurity Field Notes
@Maccanarchy 8 ай бұрын
Absolute legend
@zidanetribal2343 2 жыл бұрын
or , further before using -A full to stop the attack you can use this command to check the rule in IPS mode, sudo snort -c -q -Q --daq afpacket -i eth0:eth1 -A console
@aspeakgaming3564 Жыл бұрын
I dont understand the point of writing a local rule and then using the default config
@twixigan1387 Жыл бұрын
I didn't either. I used /etc/snort/rules/local.rules instead of the default config and it worked.
@mahfouzsarmini1244 10 ай бұрын
what the name website when try looking for command ?
@Eddy-f4r6e Жыл бұрын
hello, what app/document do you use to layout your notes like that?
@MotasemHamdan Жыл бұрын
Hello, Obsidian
@iits3mmar Жыл бұрын
How I can get access to your notes ?
@MotasemHamdan Жыл бұрын
Hello, notes are part of channel membership tier 2. Details: motasem-notes.net/cyber-security-field-notes/
@qani613 2 жыл бұрын
hey Motasem, where can I find the link for your notes ? I can't find it on your channel
@MotasemHamdan 2 жыл бұрын
kzbin.info/door/NSdU_1ehXtGclimTVckHmQjoin
@muradrzazade 2 жыл бұрын
@@MotasemHamdan Can you please make it available in Azerbaijan as well?
@ahmedJm1 3 ай бұрын
Also, if you don't mid sharing your snort notes i will be very thankful!
@fakridinemichaelson9802 6 ай бұрын
ehre can we find out your note
@MotasemHamdan 6 ай бұрын
Check below link out; buymeacoffee.com/notescatalog/extras
@cybersecurityalngar2632 2 жыл бұрын
انت عربي؟
@MotasemHamdan 2 жыл бұрын
صحيح
Motasem Hamdan | Cyber Security & Tech
Рет қаралды 57 М.
Motasem Hamdan | Cyber Security & Tech
Рет қаралды 22 М.
BalcevMMA_BOXING
Рет қаралды 1,2 МЛН
Matt Brown
Рет қаралды 1,3 МЛН
Motasem Hamdan | Cyber Security & Tech
Рет қаралды 28 М.
Motasem Hamdan | Cyber Security & Tech
Рет қаралды 7 М.
DEFCONConference
Рет қаралды 50 М.