Post Aq1mTZXzXbiCcBcSBc by [email protected] | |
Post #ApzEJXzwf0Yo9mp3oG by [email protected] | |
0 likes, 1 repeats | |
==Training Lesson== INVESTIGATION NARRATIVE: SSH Kill la Killed 🧵 My job is to… | |
Post #ApzER3ECwjGR2g4W6C by [email protected] | |
0 likes, 1 repeats | |
NOTE: You can mute this thread if not interested it will be long. I have a seedb… | |
Post #ApzEhA3RKlEsqZiWVk by [email protected] | |
0 likes, 1 repeats | |
In some scenarios you can increase overall transfer speeds by running multiple … | |
Post #ApzEkSgUWbgpUlYahc by [email protected] | |
0 likes, 1 repeats | |
Okay WinSCP starts opening more (we're going to call them multithreaded) co… | |
Post #ApzFCpDwJj1BVaj7uS by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity SSH + SFTP is definitely one of these protocols. | |
Post #ApzFOYivUSm7oDoddo by [email protected] | |
0 likes, 1 repeats | |
In this non-enterprise scenario there are basically 6 broad layers this problem… | |
Post #ApzFZaQTV8R8H4RYqO by [email protected] | |
0 likes, 1 repeats | |
To emulate often limited information and collection abilities early in an incid… | |
Post #ApzFoI0SGdW9UTHeu8 by [email protected] | |
0 likes, 1 repeats | |
"I don't know what I'm looking for, but I'll know it when I se… | |
Post #ApzGR7aUwBXuTHevlA by [email protected] | |
0 likes, 1 repeats | |
I get WinSCP to right before the problem occurs, start recording, in one window… | |
Post #ApzGVszAefZ8dETIfo by [email protected] | |
0 likes, 1 repeats | |
Before jumping to conclusions at red text, let's look around. I familiarize… | |
Post #ApzHGZHfirvf8fNwIa by [email protected] | |
0 likes, 1 repeats | |
@SwiftOnSecurity good taste in terms of anime | |
Post #ApzHSzKSiJgJOIc2YC by [email protected] | |
0 likes, 1 repeats | |
@SwiftOnSecurity this, this, and very much this! At least for me, the challenge… | |
Post #ApzHeU8OWKgG7LRyEK by [email protected] | |
0 likes, 1 repeats | |
DISCLAIMER: I am not a network professional and there's more Wireshark stuf… | |
Post #ApzI0yjTREdBO1WGYq by [email protected] | |
0 likes, 1 repeats | |
Learn to use the Statistics tools in Wireshark. Okay, so in networking multiple… | |
Post #ApzI8H67YTJiN9ajc8 by [email protected] | |
0 likes, 1 repeats | |
(There are MULTIPLE ways to get to this eventual understanding) For some reason … | |
Post #ApzITSRoYFpbeeq6DY by [email protected] | |
0 likes, 1 repeats | |
What do we know so far? 1.) Initial connectivity works. 2.) Connectivity with up … | |
Post #ApzId96fJf1AZ6ZCC0 by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity yeah, it sounded like an anti-DoS intervention to me | |
Post #ApzIf1LZ8ZrV4uQjWS by [email protected] | |
0 likes, 1 repeats | |
At this point we have acted on knowing _LITERALLY NOTHING_ except "the app… | |
Post #ApzIhOyIGxBYvagEnQ by [email protected] | |
0 likes, 1 repeats | |
Okay, we know these TCP sessions are simultaneously getting KILL LA KILLED But wh… | |
Post #ApzIq6UWLoEEDcu5MO by [email protected] | |
0 likes, 0 repeats | |
You finally get access to firewall. In the logs you find the security blocks. A … | |
Post #ApzJXbjK57ZxYXZUMy by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity but also... Ubiquiti Dream Machine :) | |
Post #ApzJZfoNsRgOnIvL1s by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity last line destination IP - methinks that should be hidden, no? | |
Post #ApzJiumlZdr5qDZdYm by [email protected] | |
0 likes, 1 repeats | |
@mwistar thx | |
Post #ApzKF4yPEPxwhkM5XU by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity Good sleuthing! | |
Post #ApzKalvOjZjdzuIB5E by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity reminds me of a time troubleshooting a slow network connection… | |
Post #ApzM8V1IBzvJMrhBku by [email protected] | |
0 likes, 0 repeats | |
(the admin was me) Firewall is told to ignore that single rule. You start the tr… | |
Post #ApzN6OZjHYfYktMcQS by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity Funnily enough, encountered this specific rule on a different … | |
Post #ApzQqHoN3twWxdmom8 by [email protected] | |
0 likes, 1 repeats | |
@SwiftOnSecurity please never delete this thread. This explains so many things … | |
Post #ApzR1ogHC7JC5aUwvQ by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity "I don't know what I'm looking for but I'll k… | |
Post #ApzREL2mhAOlw6zskC by [email protected] | |
0 likes, 0 repeats | |
@_calmdowndear That's such a big compliment thank you for typing that all o… | |
Post #ApzRLXCRtl8PfEwtjE by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity "I found who did it! It was me!" Is also one of thos… | |
Post #ApzRb0ULHoGiqRhEGG by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity no, thank you for the free training material should I ever fin… | |
Post #ApzRtS3HXoMrXnpluS by [email protected] | |
0 likes, 1 repeats | |
What I do in problem troubleshooting is often not terribly advanced. But what I… | |
Post #ApzRwEjlVMY97N280W by [email protected] | |
0 likes, 1 repeats | |
Anyway, as first post said -- this was written intended for new entrants to tec… | |
Post #ApzU51IT2pcPwqa4zA by [email protected] | |
0 likes, 1 repeats | |
@SwiftOnSecurity Packets don't lie! | |
Post #ApzYjydUF6DBNvCKTQ by [email protected] | |
0 likes, 1 repeats | |
@SwiftOnSecurity Yep, finding tiger problem is half of time battle. The next s… | |
Post #ApzaxdRY250dcUFoJs by [email protected] | |
0 likes, 1 repeats | |
@SwiftOnSecurity Fascinating read! I've done stuff like this before where i… | |
Post #ApzdgEa9VpsjSBfmTI by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity It’s usually my own firewall too. | |
Post #ApzfKG8vEEtlpdaMIS by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity thanks for the write up. Great explanation on how to dive into… | |
Post #ApzfMGrBXrz2cpFSVM by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity sounds like something I’d do | |
Post #Aq0BIW42GC1FAGVpTc by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity "Well well well if it isn't the consequences of my o… | |
Post #Aq0Ea0Y2TUE2UhZvma by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity Great thread. I cannot recommend Wireshark highly enough for ne… | |
Post #Aq0PWePhPeNSTLHOOe by [email protected] | |
0 likes, 1 repeats | |
@SwiftOnSecurity I am a senior firewall admin and your thread describes my job.… | |
Post #Aq0iwFf7xROoMlPuDI by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity also worth interesting: taking a look at TCP buffers and queue… | |
Post #Aq0rtPkCurDyLyVypE by [email protected] | |
0 likes, 1 repeats | |
@[email protected] internal politics and people management are a… | |
Post #Aq0ruwcMBAOMb8ZYHI by [email protected] | |
0 likes, 1 repeats | |
@ireneista thank you Irenes good to see you around | |
Post #Aq0sFkUUSgax4IoU76 by [email protected] | |
0 likes, 1 repeats | |
@froge @SwiftOnSecurity 100% | |
Post #Aq0vmWp2bMWc5wkQIi by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity Excellent thread. As a router jockey, I loathe firewalls while… | |
Post #Aq136QNQyRvTZmGkMK by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity (the admin was me) has also applied to myself more times than … | |
Post #Aq1kobRtSxZagZfRMO by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity This is kind of what I do. I have my old computer running a to… | |
Post #Aq1mTZXzXbiCcBcSBc by [email protected] | |
0 likes, 1 repeats | |
@da_667 @SwiftOnSecurity skript kiddie mitigation AND overzealous dev curtailin… | |
Post #Aq1msqPJzarQ94c9j6 by [email protected] | |
0 likes, 1 repeats | |
@SwiftOnSecurity So we start going through the usual suspects. "Do the logs… | |
Post #Aq1n5bjXrQ2IOr9yZE by [email protected] | |
0 likes, 1 repeats | |
@SwiftOnSecurity In spite of it being a cybersecurity con, I think I naturally … | |
Post #AqIoQiWNDrslApwngm by [email protected] | |
0 likes, 0 repeats | |
@SwiftOnSecurity 😂 |