• Subscribe to the low volume list for updates.

Archives of Security Research

Install Suricata on Ubuntu 18.04 in 5 minutes

Building a network-based intrusion detection capability can be done in just 5 minutes. Install Suricata to monitor network traffic and look for security events that can indicate an attack or compromise. Suricata is based around the Snort IDS system, with a number of improvements. Suricata performs multi-threaded analysis, natively decode network streams, and assemble files […]
Read More

WordPress User Enumeration

These three enumeration techniques are a very fast way to identify users of a WordPress installation. With valid usernames effective brute force attacks can be attempted to guess the password of the user accounts. WordPress User Enumeration via Author Archives Finding users by iterating through the author archives is a common technique that works in […]
Read More

Brief History of Internet Wide Scanning

In the beginning there were Google Dorks, as far back as 2002 security researchers discovered specific Google queries revealed Internet-connected devices. Seventeen years later, it is still possible to find thousands of unsecured remotely accessible security cameras and printers via simple Google searches. Now, using search engines such as Shodan.io and Censys.io, it has become […]
Read More

Analysis of Top 100K WordPress Sites

CMS Detection Methodology The methodology used to determine the underlying technology of web sites is to search for specific strings within the HTML or the HTTP Headers provided by the web server. For WordPress our process is a simple matter of downloading the headers and page source from all sites in the Alexa top 1 […]
Read More

Wireshark Tutorial and Cheat Sheet

Examples to Understand the Power of Wireshark Wireshark can be useful for many different tasks, whether you are a network engineer, security professional or system administrator. Here are a few example use cases: Troubleshooting Network Connectivity Visually understand packet loss Review TCP retransmission Graph high latency packet responses Examination of Application Layer Sessions (even when […]
Read More

Maltego Transforms

Creating Local Maltego Transforms for our DNS reconnaissance tools has been on my to-do list for a while now. I am happy to say they are now available and it is a sweet way to perform infrastructure mapping from a domain. What is Maltego? Maltego is a cross-platform application for performing link analysis. Discover relationships […]
Read More

Cowrie Honeypot on Ubuntu

What is Cowrie Cowrie is the new fork of the Kippo Honeypot. It has been updated with new features and provides emulation that records the session of an attacker. With this session recording, you get a better understanding of the attackers tools, tactics, and procedures - TTPs. TTPs being a term that is increasingly being […]
Read More

15 Essential Open Source Security Tools

There are thousands of open source security tools with both defensive and offensive security capabilities. The following are 10 15* essential security tools that will help you to secure your systems and networks. These open source security tools have been given the essential rating due to the fact that they are effective, well supported and […]
Read More

16 Offensive Security Tools for SysAdmins

Offensive security tools are used by security professionals for testing and demonstrating security weakness. Systems Administrators and other IT professionals will benefit from having an understanding of the capabilities of these tools. Benefits include preparing systems to defend against these types of attacks, and being able to identify the attacks in the case of an […]
Read More

Enable OSSEC Active Response

Many OSSEC users start with Active response disabled to ensure the OSSEC agent does not affect the server, especially when running in a live production environment. However, once you have an understanding of the number of alerts and types of alerts you are seeing, it is a good idea to enable Active response. Blocking is […]
Read More