brencroninOct 23, 202415 min readNetwork Detection Response (NDR) - Web Traffic Analysis Part 2Overview of major security tools related to web traffic protection Protection from Inside to Outside Traditional web protection largely...
brencroninOct 22, 202412 min readZeek & Corelight - Encrypted Traffic CollectionZeek, and Corelight sensors specifically, divide the process of handling and analyzing data into four distinct areas, as illustrated in...
brencroninOct 9, 20246 min readNetwork Detection Response (NDR) - HTTP Analysis Part 1HTTP is one of the most widely recognized protocols, essential for daily internet communication. Its ubiquity ensures it’s readily...
brencroninJun 12, 20249 min readZeek & Corelight - Core PackagesIn simple terms, Zeek sensors capture traffic, generate protocol-specific log files for the captured session traffic, and can export...
brencroninDec 26, 20237 min readNetwork Detection & Response (NDR) - Zeek 'Alerting' - Odd Remote Access Behavior and ToolsWhen collecting Zeek data, you have a rich source of information for analysis. However, when monitoring systems, it's crucial to...
brencroninNov 8, 20231 min readAgentless Integration of IDS/IPS and Vulnerability DataIntrusion Detection/Protection Systems (IDS/IPS) examine network traffic using rules and signatures. Some of these rules or signatures...
brencroninNov 5, 20233 min readThe Cybersecurity SuriIn the realm of cybersecurity, there is also a 'Suri,' which is the abbreviation for Suricata. Suricata stands as an open-source,...
brencroninSep 24, 20233 min readNetwork Security Monitoring (NSM) - Hacker Command & Control (C&C) (C2)Ralph Mudge developer of Cobalt Strike Red Team hacking software outlines from the hackers perspective 4 key processes that need to...
