Snort IDS / IPS Complete Practical Guide | TryHackMe

56,678 views

Motasem Hamdan | Cyber Security & Tech

1 day ago

Comments: 99
@inlak (2 years ago)
I had the same problem with the questions that you didn't find, and I really came to this video trying to find the answers. Finally I found that the mode that works similarly to NIPS is "NBA" (Network Behaviour Analysis), and the kind of NIPS that it is is "full-blown". Hope it will help!
@MFmyk3 (1 year ago)
Thank you for explaining this. I've been going through the SOC pathway and Snort has completely stumped me by not fully explaining the contents of the output it gives (might as well be hieroglyphs lol). Your teaching and breakdown of the concepts were super helpful in learning the fundamentals of it.
@MFmyk3 (1 year ago)
Is it possible to share the notes you keep referencing in the video?
@MotasemHamdan (1 year ago)
@MFmyk3 Thank you for the remarks. The notes are part of the third tier of the channel membership.
@gabrieltorres6881 (1 year ago)
Thanks!
@MotasemHamdan (1 year ago)
Thank you Gabriel.
@chicaomassari (2 years ago)
According to the official description of the snort, what kind of NIPS is it? full-blown
@assassino689 (2 years ago)
As usual, the greatest professor! Thanks Motasem!
@wabisabi84 (6 months ago)
I'm sharing my experience here; hopefully, it helps others. I initially missed a key step in Task 8: Operation Mode 4 - PCAP Investigations. There are multiple ways to get to point B but I chose the following path: Mr. Hamdan provided a helpful bash command to locate the relevant file: find . -name "icmp-test.pcap". After accessing the directory, I used the command snort -r icmp-test.pcap while in the Task 8 directory and had no problems moving to the next step. Thank you Mr. Hamdan
@cloudhobbyist (2 years ago)
The 3rd to last question in task 4 is "full-blown". It is listed in the description of snort under the blue highlighted letters section.
@deicyricks1700 (2 years ago)
OMG!!!!! Thank you so much! I feel less than dumb! I spent a significant amount of time on that freaking question!!!!!!!
@selena4072 (2 years ago)
How did you get the traffic generator installed?
@MG-bm5oj (1 year ago)
Great job mate. I think this channel is underrated. I have a question. I saw in this video that you are using Obsidian. Are you sharing your notes with the community or are they private?
@MotasemHamdan (1 year ago)
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below kzbin.info/door/NSdU_1ehXtGclimTVckHmQjoin Or if you are interested in one subject among the others, you can pay one time. The notes that are available for one-time purchase can be found below motasem-notes.net/
@johnvardy9559 (7 months ago)
What a teacher. Really, I learn a lot from you.
@rabahkhiari8621 (11 months ago)
Thanks, it's a clear video, very helpful, and easy English that helps me understand without having fluent English.
@ЮрійМинаш (1 year ago)
You are the best at explaining things Motasem, thanks a lot!
@viorage2293 (2 years ago)
I was messing with step 9, question 1, forever and thought I was failing. However, it was because I didn't realize the alert file was being made :) Great vid.
@hurrenbardinas490 (9 months ago)
Great content. Please share your entire notes with me, focusing on the sudo command.
@techskyrocket4101 (1 year ago)
Can I ask what notepad you are using? I want to put notes somewhere and am looking for a suitable notepad.
@FunnyAnimals-ko8zz (1 year ago)
The same question :) Can you find an answer?
@techskyrocket4101 (1 year ago)
@FunnyAnimals-ko8zz It's Obsidian ;)
@FunnyAnimals-ko8zz (1 year ago)
@techskyrocket4101 Thanks Bro :)
@JohnFider (4 months ago)
This has been so helpful! Thank you!
@isaacringling3823 (1 year ago)
Very helpful to follow along with at every spot I got stuck in the Snort room. Thank you!
@SandeepKumar-zb5uf (1 year ago)
Thank you so much @Motasem for creating this awesome video on Snort. It was really helpful and informative from start to end. I liked the way you explain the concepts or points in detail with easy explanations. Again, appreciate the hard work you put into this video :)
@elisehackmann-tf6xg (1 year ago)
Very well organized and well explained! Thank you! That was really helpful.
@SaitejaG-h6h (9 months ago)
I was able to complete the task because of this video! Super clear :) Thanks much
@samas69420 (1 year ago)
What kind of packets are the ones you see in sniffer mode at 21:35?
@johnvardy9559 (1 year ago)
Hey Mohamed, great content. Please, which tool has been used to keep documentation?
@MotasemHamdan (1 year ago)
Hey, it's Obsidian.
@johnvardy9559 (1 year ago)
@MotasemHamdan Between SOC analyst or cloud, what do you think?
@yousef_alshiekh1650 (10 months ago)
Hello Motasem, thank you so much for your effort. I have one question: where can I get or buy your notepad library?
@MotasemHamdan (10 months ago)
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below kzbin.info/door/NSdU_1ehXtGclimTVckHmQjoin Or if you are interested in one subject among the others, you can pay one time. The notes that are available for one-time purchase can be found below motasem-notes.net/
@yousef_alshiekh1650 (10 months ago)
@MotasemHamdan Thank you so much
@SyedaNidaHassan (10 months ago)
Superb! Very well organised and well explained. Can you share your notes please?
@MotasemHamdan (10 months ago)
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below kzbin.info/door/NSdU_1ehXtGclimTVckHmQjoin Or if you are interested in one subject among the others, you can pay one time. The notes that are available for one-time purchase can be found below motasem-notes.net/
@tradesmenlife (9 months ago)
NBA and full-blown. Thanks for this video, this Snort was so complicated, they really need some GUI platform.
@AlHoussem (1 month ago)
Nice tutorial, many thanks
@jamilshekinski (11 months ago)
1:20:15 - Network Behaviour Analysis - NBA. The second one is - full-blown.
@DANIEL-p6b3x (3 months ago)
Thank you for these videos. They have been helpful. I am interested in your 974-page notes so it helps with easy referencing. Does the package (priced at 34 dollars) contain the notes covering all your videos? Thanks
@MotasemHamdan (3 months ago)
Hello, did you mean the blue team notes?
@ian230187 (2 years ago)
Hi Motasem, for 9.4, the same IP question, when I used the protocol as ip, I got the answer as 13. Just wanted to confirm the reason behind using tcp and udp, and also, just to update, changes to the rev field are not needed.
@anoopvijayan1565 (2 years ago)
Bro, first you should remove the alert message that is generated as a result of the previous run using the command "sudo rm -r alert". Then open the local rule and add the tcp and udp rules the same as what Mr. Motasem Hamdan showed in this tutorial. Then run the rule again. After that you will get the answer 10.
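Editor's added example, not code from the video, the TryHackMe room or any commenter above. The exchange above turns on three details of how Snort 2 reports matches: the local rules file holds one rule per protocol, each with its own `sid` (the `rev` field is a per-rule revision number, so adding a second rule never requires bumping it), and every match is appended to an `alert` file in the fast format, which is why a stale `alert` file inflates the count. The script below parses a constructed `local.rules` fragment and a constructed set of fast-format alert lines, rejects reused sids, counts alerts per rule and picks out the alerts whose source and destination host are the same. The rule text (the `sameip` option, the sids, the messages) and the alert lines are all invented for illustration; only the Snort 2 rule syntax and the `alert_fast` line format are real.

```python
"""Parse a Snort 2 local.rules fragment and fast-format alert lines, then
count alerts per rule.  Added example; not code from the video or the room.

All data below is constructed: the rules, the sid numbers and the alert lines
are invented.  Only the two file formats are real (Snort 2 rule syntax and the
alert_fast line format Snort writes to its alert file)."""
import re
from collections import Counter

# Constructed local.rules content.  The "same IP" rule is written once for TCP
# and once for UDP (assumed to be what the thread refers to).  Each rule needs
# a unique sid; rev is only that rule's revision counter and does not have to
# change when another rule is added.
SAMPLE_RULES = """\
alert tcp any any <> any any (msg:"SAME-IP TCP"; sameip; sid:1000001; rev:1;)
alert udp any any <> any any (msg:"SAME-IP UDP"; sameip; sid:1000002; rev:1;)
alert icmp any any -> any any (msg:"ICMP Packet Found"; sid:1000003; rev:1;)
"""

# Constructed alert_fast lines in the shape Snort 2 appends to its alert file.
SAMPLE_ALERTS = """\
08/13-10:01:02.000001  [**] [1:1000001:1] SAME-IP TCP [**] [Priority: 0] {TCP} 10.10.10.10:443 -> 10.10.10.10:49152
08/13-10:01:02.000002  [**] [1:1000002:1] SAME-IP UDP [**] [Priority: 0] {UDP} 10.10.10.10:53 -> 10.10.10.10:5353
08/13-10:01:03.000003  [**] [1:1000001:1] SAME-IP TCP [**] [Priority: 0] {TCP} 192.168.1.5:80 -> 192.168.1.5:40000
08/13-10:01:04.000004  [**] [1:1000003:1] ICMP Packet Found [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.1 -> 192.168.1.2
08/13-10:01:05.000005  [**] [1:1000001:1] SAME-IP TCP [**] [Priority: 0] {TCP} 10.0.0.7:22 -> 10.0.0.7:50000
"""

# Rule header: action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)

# alert_fast: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...]
# [Priority: n] {PROTO} src -> dst   (the Classification block is optional)
ALERT_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification: [^\]]*\]\s+)?'
    r'\[Priority: (?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+'
    r'(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$'
)


def parse_rules(text):
    """Return {sid: rule}; reject rules with no sid or a reused sid.
    Options are split on ';', which is fine as long as msg/content values
    contain no semicolon (true for the sample rules here)."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f'unparsable rule: {line}')
        opts = {}
        for opt in (o.strip() for o in m['opts'].split(';')):
            if opt:
                key, _, val = opt.partition(':')
                opts[key.strip()] = val.strip().strip('"')
        if 'sid' not in opts:
            raise ValueError(f'rule without sid: {line}')
        sid = int(opts['sid'])
        if sid in rules:
            raise ValueError(f'duplicate sid {sid}: {line}')
        rules[sid] = {'proto': m['proto'].upper(), 'dir': m['dir'],
                      'msg': opts.get('msg', ''), 'rev': int(opts.get('rev', 0))}
    return rules


def parse_alerts(text):
    """Return a list of alert dicts parsed from alert_fast lines."""
    alerts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ALERT_RE.match(line)
        if not m:
            raise ValueError(f'unparsable alert line: {line}')
        alerts.append({'sid': int(m['sid']), 'rev': int(m['rev']),
                       'proto': m['proto'], 'src': m['src'], 'dst': m['dst']})
    return alerts


def host(endpoint):
    """Strip the :port suffix alert_fast adds for TCP/UDP (IPv4 only here)."""
    return endpoint.rsplit(':', 1)[0] if ':' in endpoint else endpoint


def same_ip_alerts(alerts):
    """Alerts whose source and destination host match, i.e. what sameip catches."""
    return [a for a in alerts if host(a['src']) == host(a['dst'])]


def count_by_sid(rules, alerts):
    """Map every sid in `rules` to (msg, number of alerts carrying that sid)."""
    counts = Counter(a['sid'] for a in alerts)
    return {sid: (r['msg'], counts.get(sid, 0)) for sid, r in rules.items()}


if __name__ == '__main__':
    rules = parse_rules(SAMPLE_RULES)
    alerts = parse_alerts(SAMPLE_ALERTS)
    for sid, (msg, n) in sorted(count_by_sid(rules, alerts).items()):
        print(f'sid {sid} rev {rules[sid]["rev"]} {msg!r}: {n} alert(s)')
    print(f'{len(same_ip_alerts(alerts))} of {len(alerts)} alerts are same-IP')
```

Run it against a real `alert` file by replacing the two constructed strings with the file contents; the per-sid count is the number the room asks for, and it is only meaningful if the `alert` file was removed before the run so that no alerts from an earlier rule set are counted in.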
@Im-coming-in-2030 (4 months ago)
Which snort mode works similar to NIPS mode? It is a behaviour-based intrusion (NBA).
@roadragedrivers-pz6el (9 months ago)
Thank you, this section was very complicated.
@MG-bm5oj (1 year ago)
I have everything set up. Snort triggers an alert when I ping the PC where it is installed. The problem is when I do a ping to another PC within my network, Snort doesn't detect it. I have my network card in promisc mode. Any idea why this is happening?
@dukenorris7 (2 years ago)
What is the notebook you are using? I really like the way it trees out. I am just using OneNote.
@mhmdmhidat2953 (1 year ago)
Great video, the room is very long and a bit boring, your videos add enthusiasm.
@deems4716 (11 months ago)
Thank you for sharing this video, but I have a question. I have a pcap file and I want a command to see the traffic and some alerts.
@anoopvijayan1565 (2 years ago)
A clear video tutorial. Very helpful to TryHackMe beginners. Thanks professor.😊😊
@adnannazir7056 (11 months ago)
Which app do you use for storing notes?
@MotasemHamdan (11 months ago)
Obsidian
@selena4072 (2 years ago)
Are your Snort notes with the specific commands and an explanation of what the commands do available online?
@thepuldarshana9056 (1 year ago)
Can you please install and configure it on Windows Server?
@Messi-n2u (20 days ago)
Sir, task 3 answer 5 is NBA ❤ And thank you so much sir 🙏🙏
@MotasemHamdan (20 days ago)
Thank you too!
@BrokenBrainOfficial (1 year ago)
Could you please provide a link to your notes? That would be helpful.
@TorgnyHolmlund (2 years ago)
Which snort mode works similar to NIPS mode? NBA
According to the official description of the snort, what kind of NIPS is it? full-blown
@reels_shortt (2 years ago)
What is the name of the application in the taskbar marked with the letter S?
@GOODBOY-vt1cf (7 months ago)
19:45
@CreepyGRC (2 years ago)
Thank you Motasem, that task 7 question though. haha
@naijaguy1836 (1 year ago)
Thanks again, another awesome video.
@zero-ib1jd (10 months ago)
Great video, thanks!
@TheUnchartedTrail (2 years ago)
NBA training period is also known as ..? Test the current instance with the "/etc/snort/snort.conf" file and check how many rules are loaded with the current build. ?
@jessicajavaherian3992 (2 years ago)
baselining
@assassino689 (2 years ago)
:))
@VeNoM____ (2 years ago)
Answer: 4151 > sudo snort -T -c /etc/snort/snort.conf
@faithkolo (2 years ago)
Thank you so much for this. You are a life saver!
@zarandiatada (1 year ago)
What does -dev mean in sudo snort -dev -K ASCII -l . ?
@MotasemHamdan (1 year ago)
Could you please specify at which minute:second in the video?
@zarandiatada (1 year ago)
@MotasemHamdan 34:22 sudo snort -dev -K ASCII -l . Your explanation is very nice man, God bless you, thank you.
@hetpatel9369 (9 months ago)
Can you provide access to your notes?
@MotasemHamdan (9 months ago)
Once you are subscribed to the channel membership, you will be able to access sys admin notes for Linux and Windows. You can also subscribe from here www.buymeacoffee.com/notescatalog/membership
@chicaomassari (2 years ago)
Which snort mode works similar to NIPS mode? NBA
@abdoal-saidi3735 (2 years ago)
full-blown - baselining
@memepasmal77 (8 months ago)
Thank you Sir!
@jamilshekinski (1 year ago)
Thank you habibi!!
@mccrory (2 years ago)
Are you sharing the notes that you have saved?
@mccrory (2 years ago)
I mean your notes library?
@MotasemHamdan (2 years ago)
Hello, online access to notes is part of the channel membership kzbin.info/door/NSdU_1ehXtGclimTVckHmQjoin
@ruffajne (3 months ago)
What is rm?
@MotasemHamdan (3 months ago)
A tool in Linux to remove files.
@huuloc8719 (2 years ago)
Thank you so much.
@0mayhem (2 years ago)
Could anybody help me with Task 4 Question 1? It is the only question I'm missing; I tried a lot of combinations with -V but no success.
@VeNoM____ (2 years ago)
Answer: 149, type sudo snort -v
@0mayhem (2 years ago)
@VeNoM____ Thanks bro!!
@manuelchacon6298 (1 year ago)
Good course, but the audio level is really low.
@amjadalbalwy5180 (2 years ago)
How can I block VPN packets, Mr?
@abdelrahmanbadie410 (4 months ago)
The answer to the first one is NBA and the second is full-blown.
@naijaguy1836 (1 year ago)
According to the official description of the snort, what kind of NIPS is it -> full-blown😉
@aytenchelebili2213 (2 years ago)
Thanks for the video
@efeminihamilton7645 (2 years ago)
The two missing answers are NBA and full-blown.
@alanchichilla (2 years ago)
Great video but dude, turn off those alert noises that come up throughout the entire video. It scared me to death!
@jaxson8262 (2 years ago)
It is NBA
@mutezgannam (1 year ago)
NPA, full-blown
@msarwar3934 (1 year ago)
Hi Motasem, very lovely videos and explanations, thank you. I would like to connect with you regarding some 1:1 coaching for blue team studies. Kindly let me know your email/id etc. or WhatsApp please. Thank you 🙏🏾