One of the most awesome capabilities of Zeek, besides its scriptable nature, is the network...| #Threat Hunting Tails
Over the previous days, I tried to consume SPAN traffic from an HP Switch that...| #Threat Hunting Tails
By default, Zeek is configured to capture all the network traffic, both IP and Non-IP...| #Threat Hunting Tails
When you deploy your Zeek sensor for the first time, after a while you will...| #Threat Hunting Tails
In the process of Threat Hunting or even as a SOC Analyst, it is crucial...| #Threat Hunting Tails
Continuing my previous post about ASN Enrichment (https://threathuntingtails.com/zeek-asn-enrichment/), today I will talk about Geolocation Enrichment...| #Threat Hunting Tails
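As an added illustration of the geolocation and ASN enrichment these two posts cover (this is example code written for this page, not the Threat Hunting Tails author's script), the following Zeek script appends the responder's country code, city and ASN to conn.log. It assumes Zeek was built with libmaxminddb and that the GeoLite2-City and GeoLite2-ASN databases are installed where Zeek looks for them (`mmdb_dir` or the default paths); the column names `resp_cc`, `resp_city`, `resp_asn` and the `skip_nets` option are assumptions chosen for the example.

```zeek
# Added example: enrich conn.log with the responder's geolocation and ASN.
# Not the Threat Hunting Tails script; the field names and the skip_nets
# option are assumptions. Requires Zeek built with libmaxminddb and the
# GeoLite2-City / GeoLite2-ASN databases installed (see mmdb_dir).
module ConnGeoEnrich;

export {
    ## Do not look up responders inside these networks (assumed RFC1918 set);
    ## private ranges are never present in the MaxMind databases.
    option skip_nets: set[subnet] = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 };

    ## Extra columns written to conn.log.
    redef record Conn::Info += {
        resp_cc:   string &optional &log;
        resp_city: string &optional &log;
        resp_asn:  count  &optional &log;
    };
}

# Default priority 0 runs after Conn::set_conn (priority 5) has filled in
# c$conn and before the conn.log Log::write (priority -5), so the fields
# set here end up in the log line.
event connection_state_remove(c: connection)
{
    if ( ! c?$conn || c$id$resp_h in skip_nets )
        return;

    # geo_location fields are &optional: test each one before copying it.
    local loc = lookup_location(c$id$resp_h);
    if ( loc?$country_code )
        c$conn$resp_cc = loc$country_code;
    if ( loc?$city )
        c$conn$resp_city = loc$city;

    # lookup_asn returns 0 when the address is not in the ASN database.
    local asn = lookup_asn(c$id$resp_h);
    if ( asn != 0 )
        c$conn$resp_asn = asn;
}
```

Place the file under the site directory and `@load` it from `local.zeek`; after a restart, `zeek-cut id.resp_h resp_cc resp_city resp_asn < conn.log` shows the new columns. If the database is missing or outdated, Zeek logs a reporter warning and the columns stay `-`, so check reporter.log before concluding that traffic is all internal.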
There are times that you get a lot of Zeek Notices that have no value...| #Threat Hunting Tails
Zeek is a powerful tool for monitoring your networks. It has many powerful capabilities, but the best of all is the Zeek scripting language, which gives you the capability to extend what you can see, detect and log.| threathuntingtails.com
Knock Knock is a Sherlock from HackTheBox that provides a PCAP for a ransomware incident. I’ll find where the attacker uses a password spray to compromise a publicly facing FTP server. In there, the attacker finds a configuration file for a port-knocking setup, and uses that to get access to an internal FTP server. On that server, they find lots of documents, including a reference to secrets on the company GitHub page. In that repo, the attacker found SSH creds, and used an SSH session to d...| 0xdf hacks stuff