Thank You Motasem!! And yes, please do some more Snort walkthroughs. It's been hardest for me so far in SOC T1 path.
@davidmohan2698
2 жыл бұрын
How do you justify it being SSH. It could be port 80 because its the same two ip addresses back and forth so where do you come to the conclusion its just browsing? Could be brute force on login page. Please can you explain more clearly. There are more packets from port 80 than port 22. If there are multiple ip addresses visiting that port you could class that as browsing because a lot of people visit that page.
@user-sx4qu2ht3d
8 ай бұрын
I think you can just check both.
@johnpaulramelo6100
Жыл бұрын
May i ask if we can have a copy of your snort commands ? just the snort only hehe or maybe we can purchase? thanks.
@AboodSpiN
Жыл бұрын
Thank you so much brother!!! amazing explanation, please don't mind me asking, do you look at the malicious port regardless if its from our IP port or destination IP port?
@zero-ib1jd
6 ай бұрын
Wonderful video thanks!
@zidanetribal2343
2 жыл бұрын
or , further before using -A full to stop the attack you can use this command to check the rule in IPS mode, sudo snort -c -q -Q --daq afpacket -i eth0:eth1 -A console
@scottp8329
Жыл бұрын
loving the vid's really helping me 🤙🏼
@aslammap
Жыл бұрын
THIS IS GREAT THANK YOU
@Maccanarchy
4 ай бұрын
Absolute legend
@siddhant2943
2 жыл бұрын
I got the flag in first attempt. But I didn't read the whole logs. Seeing that many http requests on port 80 I thought its obviously tcp/80.
@darttrapdoor9842
5 ай бұрын
In production, this is not a great rule. Yes, it gets you the flag (which is all that counts) but if there is a legit ssh server then blocking all traffic to it is effectively a DOS. better to write a more targetted rule for the source and desitnation.
@zedhacking
5 ай бұрын
thats write ! like this rule maybe drop tcp 10.10.245.36 any -> any 22 (msg: " Stop the attacker SSH " ; sid: 1000001; rev:1; )
@aspeakgaming3564
Жыл бұрын
I dont understand the point of writing a local rule and then using the default config
@twixigan1387
Жыл бұрын
I didn't either. I used /etc/snort/rules/local.rules instead of the default config and it worked.
@austynstephens9263
10 ай бұрын
Thanks for the support
@barood3
8 ай бұрын
thanks motaism , where I can find your note .. give me the name in your website , its in Special Courses Catalog or Cybersecurity Field Notes
@user-sx4qu2ht3d
8 ай бұрын
hello, what app/document do you use to layout your notes like that?
@MotasemHamdan
8 ай бұрын
Hello, Obsidian
@mahfouzsarmini1244
6 ай бұрын
what the name website when try looking for command ?
@qani613
2 жыл бұрын
hey Motasem, where can I find the link for your notes ? I can't find it on your channel
@MotasemHamdan
2 жыл бұрын
kzitem.info/rock/NSdU_1ehXtGclimTVckHmQjoin
@muradrzazade
2 жыл бұрын
@@MotasemHamdan Can you please make it available in Azerbaijan as well?
@iits3mmar
Жыл бұрын
How I can get access to your notes ?
@MotasemHamdan
Жыл бұрын
Hello, notes are part of channel membership tier 2. Details: motasem-notes.net/cyber-security-field-notes/
@fakridinemichaelson9802
2 ай бұрын
ehre can we find out your note
@MotasemHamdan
2 ай бұрын
Check below link out; buymeacoffee.com/notescatalog/extras
Пікірлер: 29