Posts

Network forensics overview

Introduction

Network forensics, in a nutshell, is the combined activity of capturing, recording, and analyzing network packets in order to determine the source of attacks.

Steps of network forensic examinations:
· Identification
· Preservation
· Collection
· Examination
· Analysis
· Presentation
· Incident Response

Types of analysis performed at the network level:
· Data-link and physical layer (Ethernet): methods rely on eavesdropping on bitstreams at the Ethernet layer of the OSI model. Monitoring tools or network sniffers such as Wireshark or Tcpdump are used; these capture traffic from a network card interface configured in promiscuous mode.
· Transport and network layer (TCP/IP): the network layer provides router information from the routing table as well as log evidence. These help a great deal in providing information on compromised packets, identifying sources

Data Diode Technology - Secure one-way transfer of data

What is a data diode? A data diode is a hardware device that is often called a "unidirectional security gateway". It is placed between two networks with different security levels and controls the flow of information, allowing only a safe, one-way transfer of data between the segmented networks. In security terms, because data can flow through the diode in only one direction, an insecure or hostile network cannot introduce malware into, or access, the protected system. Data diodes allow real-time data to be passed to information management systems while protecting valuable information and network infrastructure from theft, destruction, tampering, and human error, mitigating potential losses of thousands of dollars and countless hours of work. The data diode design maintains physical and electrical separation of the source and destination networks, establishing a non-routable, completely closed one-way data transfer between them, eliminating external points of entry to the sending system and preventing intruders and contagio

Compromise Assessment vs Threat Hunting

Many people use the terms compromise assessment and threat hunting interchangeably. To clear it up: the two are different! How, and in what sense? Let's take a dig at it. A compromise assessment is a high-level review of the organization that does not rely on a limited scope to find out whether it is compromised. Performing such an assessment helps establish whether the existing baseline is enough, apart from highlighting the risks of a compromise not being effectively communicated to senior/executive leadership within your organization. Threat hunting, on the other hand, is a more mature assessment aimed at identifying adversary objectives (espionage, pivoting, data exfiltration, etc.) targeting your organization. Source: https://www.crowdstrike.com/cybersecurity-101/threat-hunting/ Where Does Threat Hunting Fit? Threat hunting is highly complementary to the standard process of incident detection, response, and remediation. As security technologies analyze the raw data to

Beginning with Kubernetes Hacking into - Part 1

Introduction: Hi Readers, the world of virtualization is still at an early stage, and combined with the flavor of security it is a very interesting thing to learn and work with. As the first part of this series we will focus on a fairly new concept in virtualization which centers on Kubernetes. Let's start from the very basics. Kubernetes is a powerful open source tool developed by Google. It helps us run "micro-services", or better said "containerized" applications, across a distributed cluster of "nodes". The beauty of Kubernetes lies in its highly resilient infrastructure with almost zero downtime, apart from its immense deployment capabilities and a host of other features. In a nutshell, the main objective of Kubernetes is to hide the complexity of managing multiple containers by exposing REST-based web services in its backend. Kubernetes's portability is another add-on. You can run i