3 min
Incident Detection
How to Alert on Rogue DHCP Servers
How to alert on rogue DHCP servers using network traffic as a data source. We look at how you can use Wireshark or LANGuardian to detect DHCP servers.
3 min
Incident Detection
5 Tips For Monitoring Network Traffic on Your Network
Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your (NTA) tool.
2 min
Incident Detection
MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis
Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic
2 min
InsightIDR
How to detect SMBv1 scanning and SMBv1 established connections
How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
3 min
InsightIDR
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network
2 min
InsightIDR
How to Detect BitTorrent Traffic on your Network
Learn how to detect BitTorrent traffic on your network to capture metadata such as INFO-HASH, IP addresses, and usernames.
3 min
InsightIDR
How to Troubleshoot Slow Network Issues With Network Traffic Analysis
In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.
9 min
Project Sonar
Project Sonar Study of LDAP on the Internet
The topic of today's post is a Rapid7 Project Sonar
[http://sonar.labs.drordi.com/] study of publicly accessible LDAP services on
the Internet. This research effort was started in July of this year and various
portions of it continue today. In light of the Shadowserver Foundations's
recent announcement [http://ldapscan.shadowserver.org/] regarding the
availability relevant reports we thought it would be a good time to make some of
our results public. The study was originally intended to be a
3 min
InsightIDR
3 Ways for Generating Reports on WAN Bandwidth Utilization
3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.
2 min
AWS
The real challenge behind asset inventory
As the IT landscape evolves, and as companies diversify the assets they bring to
their networks - including on premise, cloud and personal assets - one of the
biggest challenges becomes maintaining an accurate picture of which assets are
present on your network. Furthermore, while the accurate picture is the end
goal, the real challenge becomes optimizing the means to obtain and maintain
that picture current. The traditional discovery paradigm of continuous discovery
sweeps of your whole network
5 min
Events
The Black Hat Attendee Guide Part 5 - Meaningful Introductions
If you are just joining us, this is the fifth post in the series starting here
[/2015/07/13/the-black-hat-attendee-guide-part-1].
Making An Introduction
I might be wrong, but I'll argue that networking is a transitive verb, so
ENGAGE! The real magic starts happening as you progress:
* Level 1-- Start with a “Hi, my name is… ” Yes, it's that simple, thanks to
Slim Shady [http://youtu.be/dQw4w9WgXcQ?t=43s]
* Level 2-- Demonstrate that you have an idea of the world the other person
live
2 min
Networking
Top 3 Reasons Small-to-Medium Businesses Fail at Security
Cyberattacks are on the rise with more sophisticated attack methods and social
engineering being employed against just about any entity with an Internet
presence. According to a recent study cited by the U.S. House Small Business
Subcommittee on Health and Technology, companies that were 250 persons or less
were the target of 20% of all cyberattacks. A more sobering claim of the study
is the roughly 60% of small businesses that close within 6 months following a
cyberattack.
While cyberattacks a
3 min
Incident Detection
Finding Out What Users are Doing on Your Network
One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.
3 min
Microsoft
Microsoft EMET 4.0 might be the best enterprise security tool you're not using yet
Cross-posted from dangerous.net
[http://blog.dangerous.net/2013/04/microsofts-emet-40-free-enterprise.html]
Last week Microsoft announced
[http://blogs.technet.com/b/srd/archive/2013/04/18/introducing-emet-v4-beta.aspx]
their 4.0 beta release of EMET (Enhanced Mitigation Experience Toolkit). If you
are responsible for securing Windows systems, you should definitely be looking
at this free tool if you haven't already.
EMET is a toolkit provided by Microsoft to configure security controls on
Wi
2 min
Metasploit
Introduction to Metasploit Hooks
Metasploit provides many ways to simplify your life as a module developer. One
of the less well-known of these is the presence of various hooks you can use for
processing things at important stages of the module's lifetime. The basic one
that anyone who has written an exploit will be familiar with is exploit, which
is called when the user types the exploit command. That method is common to all
exploit modules. Aux and post modules have an analogous run method. Common to
all the runnable modules