projects:cybersecurity:start
Created this since I foresee this to be a relatively large investment. Main goal is OSCP.
https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=0
Two main systems to focus on for IDS: OSSEC and Snort. Consider deployment.
Cool site on different protocols in diagrammatic form: https://www.firewall.cx/networking-topics/protocols.html
Snort 3 installation steps for Ubuntu 22.04 LTS (had trouble with Snort 2 on Windows 10), copied from a link (which has a ridiculous number of ads):
<code bash>
# Install dependencies
sudo apt-get install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev

# Grab repo sources (the source directory must exist before cd/clone will work)
mkdir -p /srv/projects/snort/src
cd /srv/projects/snort/src
git clone https://github.com/snort3/libdaq.git
wget https://github.com/gperftools/gperftools/releases/download/gperftools-2.10/gperftools-2.10.tar.gz
tar xzf gperftools-2.10.tar.gz
git clone https://github.com/snortadmin/snort3.git

# Install libDAQ (the packet acquisition library Snort 3 needs before it can be built)
cd /srv/projects/snort/src/libdaq
./bootstrap
./configure
make
sudo make install

# Install Tcmalloc (gperftools), used by Snort 3 when built with --enable-tcmalloc
cd /srv/projects/snort/src/gperftools-2.10
./configure
make
sudo make install

# Install Snort 3 into /usr/local
cd /srv/projects/snort/src/snort3
./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc
cd build
make
sudo make install

# Update the shared library cache so the freshly installed libdaq/tcmalloc are found
sudo ldconfig
</code>
- Stationarity: https://otexts.com/fpp2/stationarity.html
- Beautiful article on within-dataset correlations: https://stats.stackexchange.com/questions/133155/how-to-use-pearson-correlation-correctly-with-time-series
- Snort for data analysis: https://www.coresentinel.com/processing-pcap-files-snort/
- Example stuff...? https://homes.cs.ru.ac.za/B.Irwin/Theses/Nkhumelenei%202014%20Msc.pdf
projects/cybersecurity/start.txt · Last modified: 19 months ago (2 May 2023) by 127.0.0.1