Investigating Cyber Attacks With Snort | TryHackMe Snort Challenge -- Live Attacks

16,115 views

Motasem Hamdan | Cyber Security & Tech

1 day ago

Comments
@jamilshekinski 11 months ago
Thank you Motasem!! And yes, please do some more Snort walkthroughs. It's been the hardest for me so far in the SOC T1 path.
@ahmedJm1 2 months ago
Been watching the Snort vids, thanks for your help and guidance.
@davidmohan2698 2 years ago
How do you justify it being SSH? It could be port 80, because it's the same two IP addresses back and forth, so how do you come to the conclusion it's just browsing? It could be brute force on a login page. Please can you explain more clearly. There are more packets from port 80 than port 22. If there are multiple IP addresses visiting that port you could class that as browsing, because a lot of people visit that page.
@Eddy-f4r6e 11 months ago
I think you can just check both.
@austynstephens9263 1 year ago
Thanks for the support
@johnpaulramelo6100 1 year ago
May I ask if we can have a copy of your Snort commands? Just the Snort ones, hehe, or maybe we can purchase them? Thanks.
@darttrapdoor9842 9 months ago
In production, this is not a great rule. Yes, it gets you the flag (which is all that counts), but if there is a legit SSH server then blocking all traffic to it is effectively a DoS. Better to write a more targeted rule for the source and destination.
@zedhacking 9 months ago
That's right! Like this rule, maybe:
drop tcp 10.10.245.36 any -> any 22 (msg:"Stop the attacker SSH"; sid:1000001; rev:1;)
@AboodSpiN 1 year ago
Thank you so much brother!!! Amazing explanation. Please don't mind me asking: do you look at the malicious port regardless of whether it's on our IP's side or the destination IP's side?
@Eddy-f4r6e 11 months ago
Hello, what app/document do you use to lay out your notes like that?
@MotasemHamdan 11 months ago
Hello, Obsidian.
@aspeakgaming3564 1 year ago
I don't understand the point of writing a local rule and then using the default config.
@twixigan1387 1 year ago
I didn't either. I used /etc/snort/rules/local.rules instead of the default config and it worked.
@zero-ib1jd 10 months ago
Wonderful video, thanks!
@barood3 11 months ago
Thanks Motasem, where can I find your notes? Give me the name on your website: is it in the Special Courses Catalog or Cybersecurity Field Notes?
@mahfouzsarmini1244 9 months ago
What is the name of the website where I can look for the commands?
@aslammap 1 year ago
THIS IS GREAT THANK YOU
@siddhant2943 2 years ago
I got the flag on the first attempt. But I didn't read the whole logs. Seeing that many HTTP requests on port 80, I thought it's obviously tcp/80.
@Maccanarchy 7 months ago
Absolute legend
@scottp8329 1 year ago
Loving the vids, really helping me 🤙🏼
@qani613 2 years ago
Hey Motasem, where can I find the link for your notes? I can't find it on your channel.
@MotasemHamdan 2 years ago
kzbin.info/door/NSdU_1ehXtGclimTVckHmQjoin
@muradrzazade 2 years ago
@MotasemHamdan Can you please make it available in Azerbaijan as well?
@zidanetribal2343 2 years ago
Or, further, before using -A full to stop the attack, you can use this command to check the rule in IPS mode (the -c option needs the path to the config file, shown here as the default /etc/snort/snort.conf):
sudo snort -c /etc/snort/snort.conf -q -Q --daq afpacket -i eth0:eth1 -A console
@iits3mmar 1 year ago
How can I get access to your notes?
@MotasemHamdan 1 year ago
Hello, notes are part of channel membership tier 2. Details: motasem-notes.net/cyber-security-field-notes/
@fakridinemichaelson9802 6 months ago
Where can we find your notes?
@MotasemHamdan 6 months ago
Check out the link below: buymeacoffee.com/notescatalog/extras
@ahmedJm1 2 months ago
Also, if you don't mind sharing your Snort notes, I will be very thankful!
@cybersecurityalngar2632 2 years ago
Are you Arab?
@MotasemHamdan 2 years ago
Correct.