AOL Moloch is PCAP Elasticsearch full packet search

BigSnarf blog

moloch-stats

https://github.com/bigsnarfdude/moloch

Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using apache in front. Moloch is not meant to replace IDS engines but instead work along side them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic.

Installation is pretty simple for a POC

  1. Spin up an Ubuntu box
  2. Update all the packages
  3. git clone https://github.com/bigsnarfdude/moloch
  4. follow tutorial if you must http://blog.alejandronolla.com/2013/04/06/moloch-capturing-and-indexing-network-traffic-in-realtime
  5. cd moloch
  6. ./easybutton-singlehost.sh
  7. follow prompts
  8. load sample PCAPs from http://digitalcorpora.org/corp/nps/scenarios/2009-m57-patents/net
  9. Have fun with Moloch

View original post

Selective VPN routing [Solution: DSVR]

Add your thoughts here… (optional)

Darran Boyd

Before sharing about what I believe is my best solution yet, i’ll take a walk down memory lane…

Client VPN

Got my first VPN account (PPTP/L2TP) and happily used it from my various Windows/Mac/iOS clients. Very quickly I came across a few limitations, namely:

1) Only one device at a time could use the VPN.
2) More restricted clients did not have a client side capability to configure the VPN (like the Apple TV/PS3)
3) When a device was on the VPN, all traffic went down it – not ideal from a performance perspective, and when you’re location is determine by IP (e.g. Google Maps).
4) Minor at the time, but could not have multiple VPNs running.

Router VPN [+Source Based Routing]

Configuring  VPN connection at a single aggregation point (i.e. the router) was the next step, as this did solve some of the limitations (1 & 2 above). After a…

View original post 723 more words

Hacking Your Way Through Airports and Hotels

Hacking Your Way Through Airports and Hotels.

Want to know how to hack travelers and hotel networks in a matter of minutes? On a recent trip, Nabil Ouchn (@toolswatch) decided to do some some security analysis with a piece of hardware called the PwnPad – a penetration testing tablet – and a few other tools to see what kind of mischief he could get into.

Ouchn is the founder of ToolsWatch.org and the organizer of the Arsenal Tools exhibit at the BlackHat Conferences in both the US and Europe since 2011. ToolsWatch is a free interactive service designed to help auditors, penetration testers, and other security professionals keep their ethical hacking toolbox up to date with the latest and greatest resources.

Ouchn has over 15 years of experience in vulnerability management, compliance assessment and penetration testing, and Co-Founder of an innovative SaaS Multi-Engines Threats Scanning Solution. His adventure began one day at an undisclosed European airport where he had a layover while heading to another country through a connecting flight.

Project Sonar : from #ScanAllTheThings to #GrepAllTheThings… here we go !

valdesjo

“Unity is strength !” is with these words that I summarize initiative launched by the holders of this project.

There’s a few years, scan the Internet in its majority* was a challenge for which he had to bring adequate resources, not to mention special (bandwidth, storage space, equipment … ).
These days , with the development of tools, techniques, and lower infrastructure costs, the challenge is smaller. Indeed, the news of theses last months reveals that it is now possible to scan the entire Internet to IP version 4 (see  0.0.0.0/0 ) on a specific communication port in less than an hour [1] or less. [2]
Over time several projects in this direction have emerged, among them in 2012 and we got the Internet Census project whose the process of research is pretty debatable but whom gave results of great value to the Tech community (the valuable…

View original post 381 more words

Licensing for beginners

Add your thoughts here… (optional)

joepie91s Ramblings

Many people are confused by how copyrights and licensing works, and they often unintentionally revert to an option that does not benefit others as it could have. With this post I hope to shed some light on how licensing works, why you should be doing it, and what license to pick based on your personal preference.

If you dislike the idea of copyright altogether, then definitely read on. As copyright still exists virtually everywhere, ignoring it will only lead to less people being able to (re)use what you created. For now, licensing is a necessary evil, and there are some licenses that basically amount to “do whatever you want”.

It’s recommended to read this entire post. It may take some time to do so, but it will give you a vital understanding of how licensing works and why it is important.

The caveats: I am not a lawyer, simply an…

View original post 1,429 more words

Performing Automated Network Reconnaissance with Recon-NG

Add your thoughts here… (optional)

CYBER ARMS - Computer Security

The Recon-NG Framework is a powerful tool that allows you to perform automated information gathering and network reconnaissance. Think of it as Metasploit for information collection.

Recon-NG automates a lot of the steps that are taken in the initial process of a penetration test. It has numerous features that allow you to collect user information for social engineering attacks, and network information for network mapping and much more.

You can automatically hit numerous websites to gather passive information on your target and even actively probe the target itself for data.

Anyone who is familiar with Metasploit will feel right at home as the interface was made to have the same look and feel. The command use and functions are very similar. Basically you can use Recon-NG to gather info on your target, then attack it with Metasploit.

INSTALLING RECON-NG

To install Recon-NG, simply download the program from the Recon-ng repository:

View original post 404 more words

CTO Cybersecurity Forum, Yaoundé Edition, Write Up Part 2 : Critical Information Infrastructures Protection Workshop

Following the first part of the return on the 3rd CTO Cybersecurity Forum (which is reachablehere) in the afternoon of Thursday, April 25, there were two tracks of choice and ours was to participate in the workshop on the Critical Information Infrastructure Protection (CIIP) led by David POLLINGTON from Microsoft Security in partnership with FIRST (Forum for Incident Response and Security Teams).

From the outset, the master session insisted that while it is Microsoft, during the workshop there will be no sale of any product of the firm’s employment, but rather to share  State of the art and best practices for CIIP and what is being done at Microsoft to get there.

The workshop was divided into two parts:

  • Critical Infrastructure Protection: Concept and Continuum: on the definition and contours of the Critical Infrastructure (CI) concept.
  • A Framework for Critical Information Infrastructure Risk Management, which offered us a set of process dedicated to the identification and management of risks in our CIIs(Critical Information Infrastructures).

For this purpose, two books were given to us, each focusing on a part of the workshop.

Speaking about CIIP, we should already be able to differentiate what is Critique and what isn’t. The criticality notion is variable from one state to another, there are no fixed patterns on it. However, some areas are included in several Critical Infrastructures models / catalogs in the example of Energy, Finance, Water, Transport, Food, Public Safety, …
…. Netx of this article can be found here !