Posts tagged Networking

3 min Incident Detection

How to Alert on Rogue DHCP Servers

How to alert on rogue DHCP servers using network traffic as a data source. We look at how you can use Wireshark or LANGuardian to detect DHCP servers.

3 min Incident Detection

5 Tips For Monitoring Network Traffic on Your Network

Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your network traffic analysis (NTA) tool.

2 min Incident Detection

MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis

Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic.

2 min InsightIDR

How to detect SMBv1 scanning and SMBv1 established connections

How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.

3 min InsightIDR

How To Detect Unauthorized DNS Servers On Your Network

DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network.

2 min InsightIDR

How to Detect BitTorrent Traffic on your Network

Learn how to detect BitTorrent traffic on your network to capture metadata such as INFO-HASH, IP addresses, and usernames.

3 min InsightIDR

How to Troubleshoot Slow Network Issues With Network Traffic Analysis

In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.

9 min Project Sonar

Project Sonar Study of LDAP on the Internet

The topic of today's post is a Rapid7 Project Sonar [http://sonar.labs.zq-shop.net/] study of publicly accessible LDAP services on the Internet. This research effort was started in July of this year and various portions of it continue today. In light of the Shadowserver Foundation's recent announcement [http://ldapscan.shadowserver.org/] regarding the availability of relevant reports, we thought it would be a good time to make some of our results public. The study was originally intended to be a

3 min InsightIDR

3 Ways for Generating Reports on WAN Bandwidth Utilization

3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.

2 min AWS

The real challenge behind asset inventory

As the IT landscape evolves, and as companies diversify the assets they bring to their networks - including on-premises, cloud and personal assets - one of the biggest challenges becomes maintaining an accurate picture of which assets are present on your network. Furthermore, while the accurate picture is the end goal, the real challenge becomes optimizing the means to obtain that picture and keep it current. The traditional discovery paradigm of continuous discovery sweeps of your whole network

5 min Events

The Black Hat Attendee Guide Part 5 - Meaningful Introductions

If you are just joining us, this is the fifth post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Making An Introduction I might be wrong, but I'll argue that networking is a transitive verb, so ENGAGE! The real magic starts happening as you progress: * Level 1-- Start with a “Hi, my name is… ” Yes, it's that simple, thanks to Slim Shady [http://youtu.be/dQw4w9WgXcQ?t=43s] * Level 2-- Demonstrate that you have an idea of the world the other person live

2 min Networking

Top 3 Reasons Small-to-Medium Businesses Fail at Security

Cyberattacks are on the rise with more sophisticated attack methods and social engineering being employed against just about any entity with an Internet presence. According to a recent study cited by the U.S. House Small Business Subcommittee on Health and Technology, companies that were 250 persons or less were the target of 20% of all cyberattacks. A more sobering claim of the study is the roughly 60% of small businesses that close within 6 months following a cyberattack. While cyberattacks a

3 min Incident Detection

Finding Out What Users are Doing on Your Network

One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.

3 min Microsoft

Microsoft EMET 4.0 might be the best enterprise security tool you're not using yet

Cross-posted from dangerous.net [http://blog.dangerous.net/2013/04/microsofts-emet-40-free-enterprise.html] Last week Microsoft announced [http://blogs.technet.com/b/srd/archive/2013/04/18/introducing-emet-v4-beta.aspx] their 4.0 beta release of EMET (Enhanced Mitigation Experience Toolkit). If you are responsible for securing Windows systems, you should definitely be looking at this free tool if you haven't already. EMET is a toolkit provided by Microsoft to configure security controls on Wi

2 min Metasploit

Introduction to Metasploit Hooks

Metasploit provides many ways to simplify your life as a module developer. One of the less well-known of these is the presence of various hooks you can use for processing things at important stages of the module's lifetime. The basic one that anyone who has written an exploit will be familiar with is exploit, which is called when the user types the exploit command. That method is common to all exploit modules. Aux and post modules have an analogous run method. Common to all the runnable modules