When setting up and tuning a SIEM solution, you will write a lot of rules to detect well-known and arising … More Script to enumerate Windows events with name, ID, security monitoring recommendation, URL
DNS – the Domain Name System – is a main cornerstone of the internet. Whenever you are browsing to a … More As DoH gains traction, some thoughts on DNS security and privacy
When working in IT security event monitoring, you will accumulate tons of log data which you will want to perform … More Working on large data sets in Python
A common task when working with a SIEM is to onboard new technologies: In order to discover and alert on … More Why you do not want to have “all” data in your SIEM
While the white-collar world was hastily relocating into the home office, IT departments were busy getting their hands on all … More Corona-induced home office: Bad for security, great for finding out who has an affair with whom
In the past I wrote a blog post about Process Explorer to find hidden threats on potentially compromised systems. As … More Sysmon 11.0 released: Spot hidden tracks even better
Wireshark is a very useful tool for network troubleshooting, but also for Blue (discover attacks) and Red (sniff secrets) security … More Reading encrypted network traffic & why connection coalescing, session resumption and perfect forward secrecy help
ARP – the address resolution protocol – is responsible for translating IP addresses into MAC addresses. If your system wants … More Run ARP poisoning attacks with Metasploit and detect them with Wireshark
In the previous post I explained how to set up your Alfa WiFi adapter to perform security tests on your … More Easy steps for testing your WEP/WPA WiFi with aircrack-ng
For people in IT security who want to perform penetration testing on wireless networks, it is important to have a … More Get Alfa AWUS036ACH USB NIC running on Kali VM to attack wireless networks