Threat detection and response with WAZUH part-3: Vulnerabilities

Vulnerabilities are innate security flaws in computer systems that can be exploited by hostile actors to break into and breach these systems. When these vulnerabilities are effectively exploited, malware and bad actors can enter the system and carry out nefarious tasks including data exfiltration, remote code execution etc. Thus, in …

Threat detection and response with WAZUH part-2: Agent Installation

In my preceding blog entry, available at this link, I provided a tutorial on the installation of WAZUH SIEM within a Dockerized environment. In this subsequent post, I will elucidate the procedure for deploying and configuring a WAZUH agent on an endpoint system to facilitate log forwarding. Prerequisites Before you …

Threat detection and response with WAZUH part-1

  WAZUH is an open-source security monitoring solution that helps organizations detect and respond to cyber threats. It provides a centralized view of your security posture, allowing you to monitor and secure your infrastructure, applications, and networks in real-time. It includes a variety of features and capabilities such as: Intrusion …

It all starts with an [SPAM] email

SPAM (or more specifically phishing) email is the most popular and effective weapon of cyber attack now a day. What is the first thing people do after receiving a spam email? Some got caught in the spammer net, some ignore it, some deletes the email, but as a security enthusiast …

Uncomplicated Firewall (ufw) for ubuntu system

The Uncomplicated Firewall (ufw) is a front end for iptables and is a host based firewall. In this tutorial we will see how to enable and configure ufw firewall on Ubuntu system. Ubuntu 8.04 LTS introduced ufw, and it is available by default in all Ubuntu installations after 8.04 LTS. One …

Linux firewall for ipv6 traffic

iptables, The most common and widely used Linux firewall for IPv4 traffic. Like iptables, Linux has another firewall utility called ip6tables which is used for IPv6 traffic. These two tables need to configure separately for IPv4 and IPv6 packet. In this tutorial we will see how to configure ip6tables in Ubuntu …

How to deploy MHN (Modern Honey Network) Server on EC-2 Instances

A honeypot is a computer software or device that exists only for attack. Yes, that’s the main goal of a honeypot. When you deploy a honeypot the main goal of the system is to be attacked. When a hacker interact with the honeypot, it starts logging the activity of the …

How to implement 2 factor authentication for SSH on Ubuntu 16.04

Hello everyone. Today I’ll show you how to implement 2 factor authentication for SSH on Ubuntu 16.04 server using the Google Authenticator app. We will use ssh key (1st factor) and a randomly generate code (2nd factor) by Google Authenticator to login to our Ubuntu server. I use Amazon EC2 …

Back to Top