Fail2ban for WordPress

fail2ban is a utility that can be used to protect a server or website from brute-force attacks by blocking the attacker’s IP address after a certain number of failed login attempts. If you want to use fail2ban to protect your WordPress website, you can do so by installing and configuring the fail2ban software …

Automated Network Penetration Testing Tool – SPARTA by SECFORCE

Introduction: If you have ever participated in a CTF or tried to crack machines on a site like hackthebox, you know how much effort goes into initial scanning and enumeration before you can make any headway along your kill chain. For example, starting with an Nmap scan, running Nikto, and eventually being able to …

Lynis (How to find vulnerabilities and harden a Linux system)

Introduction: In the security industry, there is so much emphasis on Windows server and workstation security, with thousands of security products dedicated to finding vulnerabilities and hardening servers. A few products on the market are Nessus, Nexpose, and OpenVAS. One may say they do support Linux, and I agree entirely, but they …

Honeytokens (Canary Tokens): What are they and how do they work? Detect insider threats

What are honeypots: We are all familiar with the concept of honeypots and their importance in a corporate environment. If you are not aware, honeypots are deployed across the network in order to detect intruders. Honeypots are systems that contain detection and alerting features along with some intended vulnerability to attract …

Disassembling a ransomware decryption tool: What’s inside the decryption tool? How does the decryption tool work? Ransomware recovery

Intro: Ransomware attacks are on the rise and becoming more sophisticated. Companies with little to no backup plan struggle the most. As we know, ransomware attacks come with encryption, and it is a real pain to decrypt any files without the key. That kept me thinking: how is this decryption tool able to handle the …

Monitor full network traffic with Arkime (a.k.a. Moloch)

Monitoring the corporate network is a crucial part of safeguarding it against malicious threat actors. One may argue that there are IDS and IPS to detect malicious traffic on the network. Those advanced security devices can indeed be useful, but they cannot show the full picture of the network. For example, IDS and IPS …

AWS Security Audit – Scout2 for Security Auditing on your AWS Infrastructure

The cloud platform is the way to go for most companies today. With advantages like scalable, redundant, fault-tolerant, and highly available infrastructure, the cloud seems like the way to go when thinking of long-term growth. Let’s not go into the overly discussed topic of cloud vs. on-premises infrastructure. Security should be …

Deploy the Mattermost server. Install Mattermost on Ubuntu using PostgreSQL and Nginx. A privacy-focused alternative to Slack.

Communication is the most important aspect of a team’s success. Efficient communication with team members has to be a key component for any team leader. In today’s corporate environment this key component is dominated by instant messaging tools like Slack and Discord. This wasn’t the case before; instead, the use of email was …

Cisco Meraki iPSK using FreeRADIUS

Choosing an authentication protocol for networking devices is one of the critical tasks. When we talk about wireless authentication, WPA2 and WPA2-Enterprise are the most used protocols. When we think of an enterprise wireless network, there are various challenges an administrator may face while choosing which protocol to use. Each method has its own …

Installation of PFELK on Ubuntu. ELK for pfSense

As per my promise, or I should say my mention in the pfSense installation post, I am presenting the installation guide. By the way, I just copied every step from the GitHub repository document, if anyone is wondering. The steps given in the official documentation are perfect and straightforward. I honestly rewrote it because I was running out of ideas and I promised it in the previous post. But one thing I would say: if you are a beginner like me, don’t use the scripted install, do it manually. It is good to know what components are being installed to get it done. The one important thing I would say about ELK (btw, I have said this many times before, but I need content, JK ;)) is that it is the base for so many SIEMs and cannot be neglected; learn it from the base. You can customize it so much that you can basically make it look like you :). Now, enough of these fillers, let’s get straight …