#cybersecgirl tool tip:

Wazuh is a free and open source security solution that offers unified SIEM and XDR protection across several platforms. It is used for threat detection, prevention, and response.

Use it to protect networks, virtualized environments, containers, and cloud environments.

#cybersecgirl #infosec #cybersecurity #privacytechpro #opensource #wazuh

https://www.bleepingcomputer.com/news/security/wazuh-building-robust-cybersecurity-architecture-with-open-source-tools/


Discussion

Do you recommend Protonmail?

i do. love their self destructing email and password protected email options. they bought out simplelogin so paid plans get alias emails that you can receive AND send from. i'm also a fan of their active involvement with the OpenPGP Working Group at the Internet Engineering Task Force (IETF).

"The result of this is the "crypto refresh" of the OpenPGP standard, as it has been dubbed, has brought about modern authenticated encryption, more secure curves, memory-hard password hashing, and more."

that said, email is inherently not secure, but we all have to use it. i recommend using simplex or better yet, in-person communication for sensitive matters

I use Protonmail, I used to use Gmail when I wasn't educated about it. Then I got ads based on emails and I was like screw this

*use to 😂

you had it right the first time 😉

Oh yeah 😂

yup, like when you notice gmail scanning your mail for booked flights etc and auto adding them to google calendar

So sexy

yes she is. how are things going with your home lab?

no need for details 😉

Good so far. An Nmap scan and everything logs correctly. I haven’t done many projects yet other than testing.

I’m currently playing with custom firewall rules and seeing if I can improve upon the defaults. So far I’m not seeing anything major.

Next I may just set up traffic between the server and windows box for logging practice.

awesome 🤙🏻🔥

nostr:npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka ok question.

Opened up an SSH connection and successful login from windows to server.

It registers on dashboard correctly and logged as low level 3 by rules.

Nice.

Next I am going to purposefully trigger higher 8-10 alarms with multiple incorrect logins, reverse lookups, etc.

After that I’m not sure what to look at. Any ideas on next steps of basic logging? Custom rules maybe?
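The "multiple incorrect logins" test described in this post is exactly the case a frequency-based correlation rule is built for: single failures stay at a low level, but several failures from one source inside a short window get escalated. The script below is an added example for this thread, not code from the original post and not Wazuh's own rule engine. It parses constructed sshd syslog lines (the sample log, the hostname `homelab`, the IPs and usernames, the assumed year 2024, and the base levels 3 and 5 are all made up for the example), then applies a sliding-window check of the same shape as a SIEM `frequency`/`timeframe` rule: five failures from one source address within 120 seconds produce a single level-10 alert, while two failures fifteen minutes apart do not.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines in syslog format (no year); not real log data.
SAMPLE_LOG = """\
Mar 10 09:00:01 homelab sshd[1201]: Accepted password for alice from 192.168.1.20 port 51122 ssh2
Mar 10 09:01:10 homelab sshd[1210]: Failed password for invalid user admin from 192.168.1.77 port 40001 ssh2
Mar 10 09:01:12 homelab sshd[1211]: Failed password for invalid user admin from 192.168.1.77 port 40002 ssh2
Mar 10 09:01:15 homelab sshd[1212]: Failed password for root from 192.168.1.77 port 40003 ssh2
Mar 10 09:01:18 homelab sshd[1213]: Failed password for root from 192.168.1.77 port 40004 ssh2
Mar 10 09:01:21 homelab sshd[1214]: Failed password for root from 192.168.1.77 port 40005 ssh2
Mar 10 09:05:00 homelab sshd[1220]: Failed password for bob from 192.168.1.20 port 51130 ssh2
Mar 10 09:20:00 homelab sshd[1230]: Failed password for bob from 192.168.1.20 port 51131 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$"
)
EVENT_RE = re.compile(
    r"^(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Base levels are assumptions for this example: a successful login stays low
# (the "level 3" the thread mentions), a single failure a little higher.
BASE_LEVEL = {"success": 3, "failure": 5}


def parse_line(line, year=2024):
    """Parse one sshd syslog line into an event dict; return None for lines not modelled here."""
    m = LINE_RE.match(line)
    if not m:
        return None
    e = EVENT_RE.match(m["msg"])
    if not e:
        return None
    # syslog omits the year, so the caller supplies one (assumed 2024 by default)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    kind = "success" if e["result"] == "Accepted" else "failure"
    return {"ts": ts, "kind": kind, "user": e["user"], "src": e["src"],
            "level": BASE_LEVEL[kind]}


def correlate(events, frequency=5, timeframe=120):
    """Escalate repeated failures from one source inside a sliding window.

    Same idea as a correlation rule with frequency/timeframe attributes: when
    `frequency` failures from the same source fall within `timeframe` seconds,
    emit one level-10 alert and reset that source's window, so a long burst
    yields one alert per `frequency` hits instead of one per line.
    """
    window = timedelta(seconds=timeframe)
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] != "failure":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= frequency:
            alerts.append({"level": 10, "src": ev["src"], "count": len(q),
                           "first": q[0], "last": ev["ts"],
                           "description": "multiple SSH authentication failures from one source"})
            q.clear()
    return alerts


def analyze(log_text, frequency=5, timeframe=120):
    """Return (parsed events, escalated alerts) for a block of sshd log text."""
    events = [ev for ev in (parse_line(l) for l in log_text.splitlines()) if ev]
    return events, correlate(events, frequency, timeframe)


if __name__ == "__main__":
    events, escalated = analyze(SAMPLE_LOG)
    for ev in events:
        print(f"level {ev['level']:>2}  {ev['ts']}  {ev['kind']:<7} user={ev['user']} src={ev['src']}")
    for a in escalated:
        print(f"level {a['level']:>2}  {a['first']}..{a['last']}  {a['description']} "
              f"src={a['src']} count={a['count']}")
```

In Wazuh itself the equivalent lives in a custom rule rather than a script: a rule in `local_rules.xml` with `frequency` and `timeframe` attributes that matches on the stock sshd failure rule via `if_matched_sid`, which is how the shipped brute-force rules are built. Copying one of those into `local_rules.xml` with a lower threshold and a custom level is a reasonable first custom rule for a lab, because the failed-login test already described will exercise it and show the escalated alert on the dashboard.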

check this out. it will get you going

https://piped.video/watch?v=3CaG2GI1kn0

He talks really fast. Makes me nervous

lol. that's networkchuck. he knows his stuff though, lots packed into a short video.

nmap 🫢

I'd been looking for a package exactly like this. 🙏

awesome. it's good stuff

The one I was about to go for was Greenbone - are you familiar with that one?

i am. they've been around a while. i'm not a fan of the interface. it's pretty old-school (i usually like old-school) but it's not super user-friendly imo.

Thanks for the input!

Oh networkchuck covered this? Nice!

Got first hand experience with it?

yes

Do you have any recommendations for a firewall for a desktop Linux system? I've been looking into an application based one, landed on OpenSnitch, but I don't know if I can trust it.

firewalld is what is installed by default, but seems like overkill and complicated. I do not have enough knowledge of Linux yet, just enough to get into trouble but not how to fix.

Did you find anything?

Seems like there's not a lot of choice for firewalls, especially app based ones. OpenSnitch is the only game in town. Happy to be wrong, would love alternatives.

I ended up learning more about firewalld for my situation, but far from ideal.

Mihari is a great free toolset for threat hunting or CTI to add to the SIEM/XDR. Supports several services.

https://GitHub.com/ninoseki/mihari

Yeah, Wazuh is a great tool, it provides good visibility into your infrastructure. #Velociraptor is another example, but more useful for incident response and threat hunting in larger networks.

On top of that, network monitoring with an IDS such as #suricata + ET Open signatures is a useful addition, especially for detecting threats and anomalies originating from devices without wazuh installed. Analyzing traffic from IoT, guest laptops and smartphones and identifying all devices connected to the network is often a very educative exercise.