
Cyber Security
Intrusion Prevention Tools
SERVICE: Elastic SIEM
SKILL LEVEL: Advanced
OWNER: Elastic
DESCRIPTION:
Elastic SIEM is an application that provides security teams with visibility, threat hunting, automated detection, and Security Operations Center (SOC) workflows. Elastic SIEM is included in the default distribution of the most successful logging platform, Elastic (ELK) Stack software. It ships with out-of-the-box detection rules aligned with the MITRE ATT&CK framework to surface threats often missed by other tools. Created, maintained, and kept up to date by the security experts at Elastic, these rules automatically detect and address the latest threat activity. Severity and risk scores associated with signals generated by the detection rules enable analysts to rapidly triage issues and turn their attention to the highest-risk work.
LINK: https://WeeklyHoroscope.com
SERVICE: Secureworks Dalton
SKILL LEVEL: Advanced
OWNER: Secureworks
DESCRIPTION:
Dalton is a system that allows a user to run network packet captures against a network sensor of their choice using defined rulesets and/or bespoke rules. Dalton covers Snort/Suricata/Zeek analysis in one system.
LINK: https://github.com/secureworks/dalton
SERVICE: RITA
SKILL LEVEL: Advanced
OWNER: Open Source
DESCRIPTION:
Real Intelligence Threat Analytics (R-I-T-A) is an open-source framework for detecting command and control communication through network traffic analysis. The RITA framework ingests Zeek logs or PCAPs converted to Zeek logs for analysis.
LINK: https://www.activecountermeasures.com/free-tools/rita/
SERVICE: sqlmap
SKILL LEVEL: Advanced
OWNER: Open Source
DESCRIPTION:
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers. It comes with a broad range of features, from database fingerprinting to fetching data from the DB, accessing the underlying file system, and executing OS commands via out-of-band connections.
LINK: http://sqlmap.org/
SERVICE: Snort
SKILL LEVEL: Advanced
OWNER: Cisco
DESCRIPTION:
This network intrusion detection and prevention system conducts traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. The related free Basic Analysis and Security Engine (BASE) is a web interface for analyzing Snort alerts.
LINK: https://www.snort.org/
Cyber Security Cafe
Cyber Security Cafe is a private public service and offers no goods or services other than posting the current cyber threats we are facing, what we can do to prevent being affected, and, if we are affected, what we can do to correct the problems and avoid intrusions in the future.
- Prevention often means not accepting the 'easy' ways.
- Most modern technology exists in order to obtain your personal data.
Current Threats
Current Threats shows you the latest and often most dangerous cyber threats. They indicate where they originated and what areas they are targeting. By knowing in advance, you can take precautionary actions now, before it's too late.
Cyber Solutions
Cyber Solutions is a group of tools and information designed to keep you up to date and to give you the tools to protect both your network and equipment. Most of the tools are also available free of charge and are provided by safe governmental agencies.