Thank You Motasem!! And yes, please do some more Snort walkthroughs. It's been hardest for me so far in SOC T1 path.
@ahmedJm12 ай бұрын
been watching the snort vids thanks for your help and guidance.
@davidmohan26982 жыл бұрын
How do you justify it being SSH. It could be port 80 because its the same two ip addresses back and forth so where do you come to the conclusion its just browsing? Could be brute force on login page. Please can you explain more clearly. There are more packets from port 80 than port 22. If there are multiple ip addresses visiting that port you could class that as browsing because a lot of people visit that page.
@Eddy-f4r6e11 ай бұрын
I think you can just check both.
@austynstephens9263 Жыл бұрын
Thanks for the support
@johnpaulramelo6100 Жыл бұрын
May i ask if we can have a copy of your snort commands ? just the snort only hehe or maybe we can purchase? thanks.
@darttrapdoor98429 ай бұрын
In production, this is not a great rule. Yes, it gets you the flag (which is all that counts) but if there is a legit ssh server then blocking all traffic to it is effectively a DOS. better to write a more targetted rule for the source and desitnation.
@zedhacking9 ай бұрын
thats write ! like this rule maybe drop tcp 10.10.245.36 any -> any 22 (msg: " Stop the attacker SSH " ; sid: 1000001; rev:1; )
@AboodSpiN Жыл бұрын
Thank you so much brother!!! amazing explanation, please don't mind me asking, do you look at the malicious port regardless if its from our IP port or destination IP port?
@Eddy-f4r6e11 ай бұрын
hello, what app/document do you use to layout your notes like that?
@MotasemHamdan11 ай бұрын
Hello, Obsidian
@aspeakgaming3564 Жыл бұрын
I dont understand the point of writing a local rule and then using the default config
@twixigan1387 Жыл бұрын
I didn't either. I used /etc/snort/rules/local.rules instead of the default config and it worked.
@zero-ib1jd10 ай бұрын
Wonderful video thanks!
@barood311 ай бұрын
thanks motaism , where I can find your note .. give me the name in your website , its in Special Courses Catalog or Cybersecurity Field Notes
@mahfouzsarmini12449 ай бұрын
what the name website when try looking for command ?
@aslammap Жыл бұрын
THIS IS GREAT THANK YOU
@siddhant29432 жыл бұрын
I got the flag in first attempt. But I didn't read the whole logs. Seeing that many http requests on port 80 I thought its obviously tcp/80.
@Maccanarchy7 ай бұрын
Absolute legend
@scottp8329 Жыл бұрын
loving the vid's really helping me 🤙🏼
@qani6132 жыл бұрын
hey Motasem, where can I find the link for your notes ? I can't find it on your channel
@MotasemHamdan2 жыл бұрын
kzbin.info/door/NSdU_1ehXtGclimTVckHmQjoin
@muradrzazade2 жыл бұрын
@@MotasemHamdan Can you please make it available in Azerbaijan as well?
@zidanetribal23432 жыл бұрын
or , further before using -A full to stop the attack you can use this command to check the rule in IPS mode, sudo snort -c -q -Q --daq afpacket -i eth0:eth1 -A console
@iits3mmar Жыл бұрын
How I can get access to your notes ?
@MotasemHamdan Жыл бұрын
Hello, notes are part of channel membership tier 2. Details: motasem-notes.net/cyber-security-field-notes/
@fakridinemichaelson98026 ай бұрын
ehre can we find out your note
@MotasemHamdan6 ай бұрын
Check below link out; buymeacoffee.com/notescatalog/extras
@ahmedJm12 ай бұрын
Also, if you don't mid sharing your snort notes i will be very thankful!