Popular research items include the web tutorials. These cover how to use several open source security tools, the Top 100K WordPress Sites Analysis, and the Hacker Tools of Mr Robot for a bit of fun.

Information Security is a fast changing field. Techniques of attackers are constantly changing, it is necessary to study attack methods and adapt when necessary.

Security Visualisations

Security Operations and Security Event Analysis effectiveness can be greatly improved through visualizing security event data. While some people take great pleasure in looking at long lists of statistics from firewalls, intrusion detection systems, and other security-related logs, most find it not only boring but also ineffective.

Visualizing data can help an analyst spot patterns and trends that may otherwise be missed. It also makes your reports look pretty.

An excellent resource on visualization (not only security-focused) with a collection of examples is the Flowing Data Blog. A more security focused site is the SecViz project.

Title Description
Cowrie Honeypot Analysis (24 hours of Attacks)24 hours after installing a Cowrie SSH and Telnet Honeypot I had a ton of data. Sources of attacks are mapped and examined in this analysis
Mapping Web Attacks with SplunkQuickly map web application attacks such as the WordPress Timthumb using Splunk and Geolocation plugins.
SSH Blacklist VisualizationUsing SSH black list data in this visual we plot the location of the different blacklisted IP's based on an IP geo-location lookup and then plotted onto a google mapped visualisation.

Tutorials, Guides & Cheat Sheets

Introductory tutorials, guides, and cheat sheets for building, installing, and using Open Source security solutions. Includes tips for those getting started, and also new tricks to allow you to master a tool you have been using for years.

Title Description
Nmap TutorialA basic tutorial for installing Nmap and understanding the scanning process.
OpenVAS TutorialAn introduction to OpenVAS with advanced tips for ongoing management of this vulnerability scanning solution.
Build a Cyber Security Lab with DetectionLabDetectionLab makes the initial configuration of building a Cyber Security Lab easy. This tutorial provides a walk through of an install.
Extend DetectionLab with Linux EndpointsThis tutorial details how to easily deploy additional Ubuntu Linux-based servers into the DetectionLab environment.
Cyber Security TrainingAn overview of Free and high quality commercial Cyber Security Training. Spend your time wisely with training from the experts.
Attack Surface DiscoveryUsing Open Source Intelligence it is possible to map the network attack surface of an organisation.
20 Essential Open Source Security Tools for Blue Teams20 open source security tools for Blue Teams. Get tactical with traffic analysis, intrusion detection, and incident response.
Osquery Linux Tutorial and TipsOsquery is a monitoring tool providing detailed visibility into the operating system, processes, and network connections of a computer system. This tutorial provides a quick start guide for getting a usable osquery up and running.
SSH Examples & TunnelsPractical SSH examples and Tips. Configure Socks Proxy, Tunnels and other options.
Nmap Cheat SheetPractical example commands for running Nmap. Get the most of this powerful tool.
Wireshark TutorialWireshark is the king of network traffic analysis. Get started with this tutorial, and advanced tips.
Tcpdump ExamplesPractical examples of tcpdump usage.
Tshark TutorialTshark is the under appreciated little brother of Wireshark. It is a powerful command line packet analyser.
Hacker Tools in Mr RobotA fun look at the accurately implemented attack tools used in the TV drama Mr Robot.
Nikto TutorialInstall Nikto and scan web servers with this simple tutorial.
ClamAV Antivirus for Linux tutorialClamAV Antivirus is an open source malware detection tool. This tutorial covers getting started with ClamAV and common use cases.
Top 1 Million Site ListsAn overview of the available Top 1 Million Site lists for use in security research.
Attacking and Enumerating JoomlaDiscover the tips and techniques used to attack and break into Joomla based websites.
SQLmap TutorialWith SQLmap you can go from initial discovery of SQL Injection to complete database and server compromise. This tutorial will get you started.
DNS ToolsDNS records and DNS related information is an important part of reconnaissance for a penetration tester.
Nessus 10 on Ubuntu 20.04 install and mini reviewNessus Essentials is Tenable's free version of its vulnerability scanner. Limited to 16 IPs with unlimited time usage. In this tutorial we provide a walk through of an install and a mini-review of results.
Gobuster TutorialHow to use Gobuster : a directory, file, DNS Subdomain brute forcing tool.
XSS TutorialAn introductory tutorial to cross site scripting (XSS). Understand the basics of how XSS works to understand the risk.
Firewall Ubuntu with UFWConfigure an IP Tables Firewall on Ubuntu with UFW in this tutorial.
Rkhunter, Chkrootkit and OSSEC Rootcheck3 examples of free and open source ways to detect Rootkit threats on Linux based systems
Recon-ng Tutorial (2022 update)Discover open source intelligence and conduct reconnaissance with with Recon-Ng

Passive Website Analysis

Looking at the technology behind the most highly trafficked websites in the world (top one million sites) provides insight into Internet trends, including Internet Security, where our particular interests lie.

In 2019 we released expanded research into new areas, built a new set of data, and analyzed the Top 1 Million websites. The report includes details of the web servers, hosting companies, web applications, and locations of the sites.

Identification of web technologies through analysis of the HTTP headers and HTML source is an effective reconnaissance method for those wishing to quietly assess an organisation's attack surface.

Title Description
Fortune 1000 Technology InsightsAn analysis of Technology and Hosted Services used by the Fortune 1000 Companies.
100K Top Websites powered by WordPressIn this post we look at the top 100'000 wordpress sites; digging a bit deeper to pull out the Hosting Provider, Theme Name and Web Server the sites are running on. Download the full list of sites in .csv format to perform your own analysis or perhaps to see where you are sitting in the list.
WordPress WooThemes Framework UpdatesWooThemes is one of the most successful theme development shops on the planet. In this analysis we look at how well webmasters apply security updates to the WooThemes Framework. Theme updates are just as important as WordPress Core and Plugin updates when maintaining a WordPress installation.
WordPress Theme UsageWordPress is now hitting over the 16% mark in the top 1 million websites. This analysis breaks down the most popular commercial and free themes.
HTTP Headers for SecurityWith a number of different http headers available for protecting the end user, we performed some analysis to find out how prevalent the configuration of these headers is in the top websites.
IPv6 InfographicDuring March we conducted analysis that involved looking for the presence of IPv6 AAAA records for the sites in the Top 1 Million. Through this analysis we found only 1.1% of all sites have made the move towards the new IP addressing technology.
WordPress InfographicWordPress is the worlds most popular content management system. With around 15% of the top websites, this Infographic explores the hosting, security updates and operating systems of those sites.
CMS Survey SummaryContent management systems (CMS) run many of the worlds websites both at the high end in the top 100'000 sites in the world and right down to personal blogs. This study has a look at the breakdown of the different systems.