Threat detection and response with WAZUH part-3: Vulnerabilities

Vulnerabilities are innate security flaws in computer systems that can be exploited by hostile actors to break into and breach these systems. When these vulnerabilities are effectively exploited, malware and bad actors can enter the system and carry out nefarious tasks including data exfiltration, remote code execution etc. Thus, in …

Threat detection and response with WAZUH part-2: Agent Installation

In my preceding blog entry, available at this link, I provided a tutorial on the installation of WAZUH SIEM within a Dockerized environment. In this subsequent post, I will elucidate the procedure for deploying and configuring a WAZUH agent on an endpoint system to facilitate log forwarding. Prerequisites Before you …

Threat detection and response with WAZUH part-1

  WAZUH is an open-source security monitoring solution that helps organizations detect and respond to cyber threats. It provides a centralized view of your security posture, allowing you to monitor and secure your infrastructure, applications, and networks in real-time. It includes a variety of features and capabilities such as: Intrusion …

Ansible playbook for spin up droplets in DigitalOcean

Ansible is an open source configuration management tool, and is popular for provision infrastructure. In this blog post I’ll show you how easily you can spin up multiple droplets in DigitalOcean. The full code can be downloaded from here. Prerequisite Ansible should be installed on your host and you should …

It all starts with an [SPAM] email

SPAM (or more specifically phishing) email is the most popular and effective weapon of cyber attack now a day. What is the first thing people do after receiving a spam email? Some got caught in the spammer net, some ignore it, some deletes the email, but as a security enthusiast …

from Zero to Swarm, your one stop Docker shop

  Docker, the most popular container technology nowadays. By nature it’s an application container, means if you want apache you will get apache inside your container. Or if you want to run mysql inside your container its mysql only. Got the picture? Cool. In this post I ll show you …

Uncomplicated Firewall (ufw) for ubuntu system

The Uncomplicated Firewall (ufw) is a front end for iptables and is a host based firewall. In this tutorial we will see how to enable and configure ufw firewall on Ubuntu system. Ubuntu 8.04 LTS introduced ufw, and it is available by default in all Ubuntu installations after 8.04 LTS. One …

Cisco archive command: backup router configuration automatically, stores them remotely.

Backup? Router Configuration!!  Can you remember the last backup time of your router configuration? If somebody asks me the same question my answer will be no. Take backup periodically, take backup after and before any changes, store them in a remote location, those are the line I have seen in …

Gtop, a command line dashboard for system monitoring

Those who are familiar with Linux system must know the top command. We can monitor our system usage by using top command like cpu, memory etc. There is another command which does the similar things like top, but instead of displaying the output in a raw text format, gtop produce …

Linux firewall for ipv6 traffic

iptables, The most common and widely used Linux firewall for IPv4 traffic. Like iptables, Linux has another firewall utility called ip6tables which is used for IPv6 traffic. These two tables need to configure separately for IPv4 and IPv6 packet. In this tutorial we will see how to configure ip6tables in Ubuntu …

Back to Top