Author Archives: Scott

Cyber Range Lab Assignment 4

In this lab we take a look at how Snort rules are written and configured, as well as how to make use of them when they are noisy. We then look at iptables, and configure a local host-based firewall to …

Posted in IST 894 Portfolio

Cyber Range Lab Assignment 3

This lab is titled: Hands-on with Encryption Primitives and Block Cipher Modes of Operation. In it we use and compare four different AES-128 modes of operation in different file types and situations to see which are more secure and which …

Posted in IST 894 Portfolio

Cyber Range Lab Assignment 2

This laboratory exercise is about password auditing and buffer overflows.

Posted in IST 894 Portfolio

Cyber Range Lab Assignment 1

This laboratory exercise focuses on Linux networking and command line tools.

Posted in IST 894 Portfolio

Cyber Range Evaluation Report

This report performs a comparative analysis of three commercial cyber range platforms based on a comparison matrix to score them based on their features.

Posted in IST 894 Portfolio

Use Bro to spot SSL phishing pages (part 1)

A lot of phishes are starting to use SSL certificates, and this makes things interesting for a few reasons. Two big ones are: – End users are trained to look for the green padlock, because if it’s there the page …

Posted in Bro

How to Integrate CIF feeds into Bro Intel files

So you set up an SSH honeypot and are gathering data, but what do you do with it? If you have Bro installed, you can integrate your feeds for monitoring in less than 15 minutes. I’ll show you how to pull …

Posted in Bro, CIF, CSIRTG

Install an SSH honeypot, and have the data logged in 3 easy steps

Did you ever wonder who is trying to log on to your server? Here is how to set up an SSH honeypot inside of a Docker container that sends the data to CSIRT Gadgets using the Collective Intelligence Framework (CIF) …

Posted in CIF, Docker, SSH