Packets don’t lie – Network Security Monitoring for the masses

On 18th June, I got an opportunity to present on Network Security Monitoring at the RootConf conference “Detecting anomalous network patterns”. Here is the video of the recording –

Please feel free to reach out if you find the talk interesting or would like to discuss implementing Network Security Monitoring in your network.

Network Protocols & Network Security Workshop VM

Image – Unsplash / @kellitungay

For the ongoing Network Protocols and Network Security workshop, we wanted to share the content which is going to be constantly updated with the participants.

One way is to share the presentation and the files (PCAP files, scripts to create the lab environment, etc.). This approach isn’t ideal if the content is going to be updated every now and then. It is also difficult for participants to track the changes made to the presentation or to avoid duplicate files.

Other factors were equally important: the hands-on labs should be easy to set up and available for practice later, at any point in time.

The lab exercises shouldn’t mess with the main network. Who would be happy to take the home internet offline and irk family members? 🥺

The last point was crucial in the context of this workshop. Some of the lab exercises, such as ARP Spoofing, would result in ARP cache poisoning for the whole network, not just the lab hosts. The goal was also to have participants experiment with the labs in a safe, isolated environment.
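The reason an ARP Spoofing lab must stay inside the VM is that the poisoned mapping (one IP address suddenly claimed by a second MAC address) is broadcast to every host on the segment. That same property is what a network security monitor keys on. The following is an added example, not code from the workshop VM or the talk: it parses raw Ethernet/ARP frames and reports any IP address that has been claimed by more than one MAC address, which is the check tools such as arpwatch perform on live traffic. The frames, addresses and MACs are constructed sample data, not captures.

```python
"""Detect conflicting ARP claims (one IP, several MACs) in raw Ethernet frames.

Added example with constructed sample frames; not part of the workshop VM.
"""
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2
# Minimum size of an Ethernet header (14) plus an IPv4-over-Ethernet ARP body (28).
MIN_ARP_FRAME = 42


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def mac_to_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def build_arp_reply(sender_mac: bytes, sender_ip: str,
                    target_mac: bytes, target_ip: str) -> bytes:
    """Build a minimal Ethernet + ARP reply frame (sample data for the demo)."""
    eth_header = target_mac + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    # hardware type=Ethernet(1), protocol=IPv4(0x0800), hlen=6, plen=4, opcode
    arp_body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp_body += sender_mac + ip_to_bytes(sender_ip)
    arp_body += target_mac + ip_to_bytes(target_ip)
    return eth_header + arp_body


def parse_arp(frame: bytes):
    """Return the sender fields of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < MIN_ARP_FRAME:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    hw_type, proto, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if hw_type != 1 or proto != 0x0800 or hlen != 6 or plen != 4:
        return None  # only the Ethernet/IPv4 layout is handled here
    sender_mac = frame[22:28]
    sender_ip = frame[28:32]
    return {
        "opcode": opcode,
        "sender_mac": mac_to_str(sender_mac),
        "sender_ip": ".".join(str(b) for b in sender_ip),
    }


def find_conflicts(frames) -> dict:
    """Map each IP that was claimed by more than one MAC to the sorted MAC list."""
    claims = defaultdict(set)
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        claims[arp["sender_ip"]].add(arp["sender_mac"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


# Constructed sample traffic: the real gateway answers once, a second host on
# the segment later claims the gateway's IP, and an unrelated host is benign.
GATEWAY_MAC = bytes.fromhex("aabbcc000001")
ROGUE_MAC = bytes.fromhex("aabbcc000099")
HOST_MAC = bytes.fromhex("aabbcc000020")
SAMPLE_FRAMES = [
    build_arp_reply(GATEWAY_MAC, "192.168.1.1", HOST_MAC, "192.168.1.20"),
    build_arp_reply(HOST_MAC, "192.168.1.20", GATEWAY_MAC, "192.168.1.1"),
    build_arp_reply(ROGUE_MAC, "192.168.1.1", HOST_MAC, "192.168.1.20"),
]

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE_FRAMES).items():
        print(f"ALERT: {ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
```

In a real deployment the frames would come from a capture on a mirror port rather than a list, and the monitor would keep the first-seen mapping per IP so that a later change (not just a simultaneous conflict) raises an alert; the parser and the conflict check are the same.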

Taking stock of the various factors, we decided to build a virtual machine (VM) based on Ubuntu 20.04.2 LTS. The idea was to pack the lab exercises, the lab environment and, most importantly, the content inside the VM.

We’ve also made it possible for the participants to update the content and the lab exercises. This means that participants can run a couple of commands and have the latest content and lab exercises.

We are pretty stoked with how the VM has shaped up. Lots of exciting stuff in the pipeline!

Figure 1 – Network Protocols & Network Security Workshop VM

InfoSec Book recommendations

Unsplash / @kaimantha

Information Security is an ever-changing landscape. The sharing of knowledge (threat intelligence, tactics, techniques, and procedures (TTPs), etc.) within the InfoSec community happens on various platforms such as MISP, MITRE ATT&CK, etc.

Books, even though they are a static medium, can provide exceptional in-depth insight into certain subsets of InfoSec such as adversary behaviour, defending networks or a nation-state-planned attack.

We have outlined a few must-read books which even beginners getting started in Information Security will find valuable. These books paint a broader picture. We will keep updating this blog post with additions.

The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage

Clifford Stoll is a legend. The book details Clifford’s adventures with an intruder in the network of Lawrence Berkeley National Laboratory and his relentless pursuit of catching the bad guy. Clifford invented the art of defending networks and honeypots.

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers

The noted journalist Andy Greenberg unpacks nation-state actors at play with the NotPetya malware, which caused damage of more than $10 billion.

My cat (Goldie) loved this book as well 🤦

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

Imagine the idea of a nation state developing malware specifically to target another nation state in order to thwart and disrupt its nuclear ambitions. Unreal.

This is an excellent read not only for the technical details but also for the geopolitical ones.

Kim also has a newsletter which we highly recommend.

If you have recommendations for other books, or would like to hang out (virtually) to discuss the nuances, please get in touch.