CyberSec_Blog

  This guide explains how to install, configure, and automate Suricata intrusion detection alerts to be sent directly to Telegram using a simple Bash script. The setup uses the af-packet capture mode and monitors the Suricata eve.json log file for new alerts. 🛠️ 1. Installing Suricata and Dependencies Start by installing Suricata and the required tools for the notification script: sudo apt update sudo apt install -y suricata jq curl Suricata – intrusion detection system jq – parses JSON logs curl – sends messages to Telegram via API ⚙️ 2. Configure Suricata (suricata.yaml) Edit the main configuration file: sudo nano /etc/suricata/suricata.yaml Replace its content (or relevant parts) with the minimal working configuration below: %YAML 1.1 --- # =============================== # Suricata minimal config # =============================== vars: address-groups: HOME_NET: "[192.168.0.0/16]" EXTERNAL_NET: "!$HOME_NET" port-groups: HTTP_PORT...

  One of your junior system administrators forgot to deactivate two accounts from a pair of recently fired employees. We believe these employees used the credentials they were given in order to access some of the many private files from our server, but we need concrete proof. The junior system administrator only has a small network capture of the incident and a memory dump of the Local Security Authority Subsystem Service process. Fortunately, for your company, that is all you need. The step which is required to decrypting the captured packet file (with chatGPT help) :  import hashlib import hmac import argparse # stolen from impacket. Thank you all for your wonderful contributions to the community try : from Cryptodome.Cipher import ARC4 from Cryptodome.Cipher import DES from Cryptodome.Hash import MD4 except Exception: print ( "Warning: You don't have any crypto installed. You need pycryptodomex" ) print ( "See https://pypi.org/project...