
Monday, January 27, 2025

Friday, September 6, 2024

Quick Malware Analysis: GULOADER and REMCOS RAT pcap from 2024-08-26

Thanks to Brad Duncan for sharing this pcap from 2024-08-26 on his malware traffic analysis site! Due to issues with Google flagging a warning for the site, we're not including the actual hyperlink but it should be easy to find.


We did a quick analysis of this pcap on the NEW Security Onion 2.4.100:

https://blog.securityonion.net/2024/08/security-onion-24100-now-available.html


If you'd like to follow along, you can do the following:



The screenshots at the bottom of this post show some of the interesting alerts, metadata logs, and session transcripts. Want more practice? Check out our other Quick Malware Analysis posts at:

https://blog.securityonion.net/search/label/quick%20malware%20analysis


About Security Onion


Security Onion is a versatile and scalable platform that can run on small virtual machines and can also scale up to the opposite end of the hardware spectrum to take advantage of extremely powerful server-class machines. Security Onion can also scale horizontally, growing from a standalone single-machine deployment to a full distributed deployment with tens or hundreds of machines as dictated by your enterprise visibility needs. To learn more about Security Onion, please see:

https://securityonion.net


Screenshots


First, we start with the overview of all alerts and logs:


Next, let's look at just the alerts:


Notice that all of the Remcos alerts are for the same TCP stream:


Let's pivot to see that entire TCP stream:


Now let's switch to the ASCII transcript, where we see the victim PC sending information to the attacker:


Next, let's look at the Zeek protocol metadata:


We'll start with the HTTP dashboard where we see a request that does a GeoPlugin lookup (related to the GeoPlugin information in a previous screenshot):


Next, we look at the Files dashboard where we see the GeoPlugin response via HTTP:


Next, let's review the SSL/TLS dashboard:


We'll next review the corresponding X509 dashboard:


Here is the DNS dashboard:


Finally, let's review the Connections dashboard:


Here we can see all of the connections that we've seen above and one that we haven't looked at previously (source port 50646):


If we pivot to PCAP on source port 50646, then we see the transfer of a packed EXE:


Near the end of that TCP stream we see usernames and passwords being exfiltrated:



Wednesday, April 17, 2024

Top 5 Reasons to Sign Up for our 4-day Security Onion Fundamentals for Analysts & Admins Class in June 2024

Security Onion Solutions has been teaching Security Onion classes since 2014. Since that time, we've taught students around the globe to help them peel back the layers of their enterprise and make their adversaries cry!

Our next class is in June. Why should you sign up? Here are the top 5 reasons!


1. Amazing instructors


Our instructors are not like other instructors that just read from a slide deck. Security Onion Solutions instructors have years of experience in threat hunting, enterprise security monitoring, and log management. They have worked in real-world operational security roles, engineered monitoring strategies and solutions, and handled real-world incidents. They bring their practical experience to the classroom, enabling students in both theory and hands-on application to hunt adversaries in environments large and small.


2. Comprehensive course material and labs


As a student, you will receive over 300 pages of course material filled with tips and tricks to help you peel back the layers of your enterprise and make your adversaries cry. That amazing content is reinforced by the immersive real-world case studies.


3. Training for Security Onion 2.4


We released Security Onion 2.4 last year with many new features and we've continued to add new features at each new release. This class will help you take advantage of all those new features!



4. We teach the only OFFICIAL training for Security Onion


Security Onion Solutions is the only official provider of Security Onion training. If you want the best training, get it from the company that developed the platform!


5. Support development of the free and open platform


Security Onion has been a free and open platform since 2008. We've invested many years of development into making Security Onion even better at helping you peel back the layers of your enterprise and making your adversaries cry. If you purchase training from us, you are helping to cover the cost of developing and maintaining the Security Onion platform, now and in the future.


Sign up today


There are a limited number of seats for this amazing class and the registration deadline is June 10, 2024. Don't delay, reserve your seat today!


https://securityonionjune2024.eventbrite.com/


Tuesday, April 2, 2024

10% Early Bird discount for Security Onion Fundamentals for Analysts & Admins Class in June 2024!

 We've scheduled the next run of our 4-day Security Onion Fundamentals for Analysts & Admins class!


Use promo code earlybird by April 16, 2024 to receive 10% off!


For more details and to register, please see:

https://securityonionjune2024.eventbrite.com


If you have any questions about this class, please use the Contact link on the bottom of the Eventbrite page.


For other training options, please see:

https://securityonionsolutions.com/training/




Tuesday, January 3, 2023

10% Early Bird discount for New Security Onion Analysts & Threat Hunters Class in March 2023!

We've scheduled the first pilot run of our new 4-day Security Onion for Analysts & Threat Hunters class!

Use promo code earlybird by January 31, 2023 to receive 10% off!

For more details and to register, please see:
https://securityonionsolutions.com/training/

If you have any questions, please use the Contact link on the bottom of the Eventbrite page.

Thanks!


