Popular research items include the web tutorials. These cover how to use several open source security tools, the Top 100K WordPress Sites Analysis, and the Hacker Tools of Mr Robot for a bit of fun.
Information Security is a fast changing field. Techniques of attackers are constantly changing, it is necessary to study attack methods and adapt when necessary.
Security Visualisations
Security Operations and Security Event Analysis effectiveness can be greatly improved through visualizing security event data. While some people take great pleasure in looking at long lists of statistics from firewalls, intrusion detection systems, and other security-related logs, most find it not only boring but also ineffective.
Visualizing data can help an analyst spot patterns and trends that may otherwise be missed. It also makes your reports look pretty.
An excellent resource on visualization (not only security-focused) with a collection of examples is the Flowing Data Blog. A more security focused site is the SecViz project.
| Title | Description |
|---|---|
| Zeek Dashboard using Grafana | Combine the power of Zeek network analysis with Grafana visualisation to generate a dashboard of the traffic from any pcap. |
| Cowrie Honeypot Analysis (24 hours of Attacks) | 24 hours after installing a Cowrie SSH and Telnet Honeypot I had a ton of data. Sources of attacks are mapped and examined in this analysis |
| Mapping Web Attacks with Splunk | Quickly map web application attacks such as the WordPress Timthumb using Splunk and Geolocation plugins. |
| SSH Blacklist Visualization | Using SSH black list data in this visual we plot the location of the different blacklisted IP's based on an IP geo-location lookup and then plotted onto a google mapped visualisation. |
Tutorials, Guides & Cheat Sheets
Introductory tutorials, guides, and cheat sheets for building, installing, and using Open Source security solutions. Includes tips for those getting started, and also new tricks to allow you to master a tool you have been using for years.
| Title | |
|---|---|
| Zeek with GeoIP, ASN & JA4 in 5 minutes | Zeek is highly scalable and can be deployed onto multi-gigabit networks for real time traffic analysis and also be used as a tactical tool to quickly assess packet captures. |
| Nmap Tutorial | A basic tutorial for installing Nmap and understanding the scanning process. |
| OpenVAS Tutorial | An introduction to OpenVAS with advanced tips for ongoing management of this vulnerability scanning solution. |
| Build a Cyber Security Lab with DetectionLab | DetectionLab makes the initial configuration of building a Cyber Security Lab easy. This tutorial provides a walk through of an install. |
| Extend DetectionLab with Linux Endpoints | This tutorial details how to easily deploy additional Ubuntu Linux-based servers into the DetectionLab environment. |
| Cyber Security Training | An overview of Free and high quality commercial Cyber Security Training. Spend your time wisely with training from the experts. |
| Attack Surface Discovery | Using Open Source Intelligence it is possible to map the network attack surface of an organisation. |
| 20 Essential Open Source Security Tools for Blue Teams | 20 open source security tools for Blue Teams. Get tactical with traffic analysis, intrusion detection, and incident response. |
| Osquery Linux Tutorial and Tips | Osquery is a monitoring tool providing detailed visibility into the operating system, processes, and network connections of a computer system. This tutorial provides a quick start guide for getting a usable osquery up and running. |
| SSH Examples & Tunnels | Practical SSH examples and Tips. Configure Socks Proxy, Tunnels and other options. |
| Nmap Cheat Sheet | Practical example commands for running Nmap. Get the most of this powerful tool. |
| Wireshark Tutorial | Wireshark is the king of network traffic analysis. Get started with this tutorial, and advanced tips. |
| Tcpdump Examples | Practical examples of tcpdump usage. |
| Tshark Tutorial | Tshark is the under appreciated little brother of Wireshark. It is a powerful command line packet analyser. |
| Hacker Tools in Mr Robot | A fun look at the accurately implemented attack tools used in the TV drama Mr Robot. |
| Nikto Tutorial | Install Nikto and scan web servers with this simple tutorial. |
| ClamAV Antivirus for Linux tutorial | ClamAV Antivirus is an open source malware detection tool. This tutorial covers getting started with ClamAV and common use cases. |
| Top 1 Million Site Lists | An overview of the available Top 1 Million Site lists for use in security research. |
| Attacking and Enumerating Joomla | Discover the tips and techniques used to attack and break into Joomla based websites. |
| SQLmap Tutorial | With SQLmap you can go from initial discovery of SQL Injection to complete database and server compromise. This tutorial will get you started. |
| DNS Tools | DNS records and DNS related information is an important part of reconnaissance for a penetration tester. |
| Nessus 10 on Ubuntu 20.04 install and mini review | Nessus Essentials is Tenable's free version of its vulnerability scanner. Limited to 16 IPs with unlimited time usage. In this tutorial we provide a walk through of an install and a mini-review of results. |
| Gobuster Tutorial | How to use Gobuster : a directory, file, DNS Subdomain brute forcing tool. |
| XSS Tutorial | An introductory tutorial to cross site scripting (XSS). Understand the basics of how XSS works to understand the risk. |
| Firewall Ubuntu with UFW | Configure an IP Tables Firewall on Ubuntu with UFW in this tutorial. |
| Rkhunter, Chkrootkit and OSSEC Rootcheck | 3 examples of free and open source ways to detect Rootkit threats on Linux based systems |
| Recon-ng Tutorial (2022 update) | Discover open source intelligence and conduct reconnaissance with with Recon-Ng |
Passive Website Analysis
Looking at the technology behind the most highly trafficked websites in the world (top one million sites) provides insight into Internet trends, including Internet Security, where our particular interests lie.
In 2019 we released expanded research into new areas, built a new set of data, and analyzed the Top 1 Million websites. The report includes details of the web servers, hosting companies, web applications, and locations of the sites.
Identification of web technologies through analysis of the HTTP headers and HTML source is an effective reconnaissance method for those wishing to quietly assess an organisation's attack surface.
| Title | Description |
|---|---|
| Fortune 1000 Technology Insights | An analysis of Technology and Hosted Services used by the Fortune 1000 Companies. |
| 100K Top Websites powered by WordPress | In this post we look at the top 100'000 wordpress sites; digging a bit deeper to pull out the Hosting Provider, Theme Name and Web Server the sites are running on. Download the full list of sites in .csv format to perform your own analysis or perhaps to see where you are sitting in the list. |
| WordPress WooThemes Framework Updates | WooThemes is one of the most successful theme development shops on the planet. In this analysis we look at how well webmasters apply security updates to the WooThemes Framework. Theme updates are just as important as WordPress Core and Plugin updates when maintaining a WordPress installation. |
| WordPress Theme Usage | WordPress is now hitting over the 16% mark in the top 1 million websites. This analysis breaks down the most popular commercial and free themes. |
| HTTP Headers for Security | With a number of different http headers available for protecting the end user, we performed some analysis to find out how prevalent the configuration of these headers is in the top websites. |
| IPv6 Infographic | During March we conducted analysis that involved looking for the presence of IPv6 AAAA records for the sites in the Top 1 Million. Through this analysis we found only 1.1% of all sites have made the move towards the new IP addressing technology. |
| WordPress Infographic | WordPress is the worlds most popular content management system. With around 15% of the top websites, this Infographic explores the hosting, security updates and operating systems of those sites. |
| CMS Survey Summary | Content management systems (CMS) run many of the worlds websites both at the high end in the top 100'000 sites in the world and right down to personal blogs. This study has a look at the breakdown of the different systems. |