Cybersecurity Blog

Brim

What is Brim? Brim is an open-source desktop application that processes pcap files and log files, with a primary focus on providing search and analytics. It uses the Zeek log processing form...

NetworkMiner

Open the tool folder and double click on the .exe file. Intro to Network Forensics Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traff...

Zeekxercises

Anomalous DNS An alert triggered: ”Anomalous DNS Activity”. The case was assigned to you. Inspect the PCAP and retrieve the artefacts to confirm this alert is a true positive. Initializing Zeek:...

Zeek Scripting Basics

Reference: [The Basics — Book of Zeek (git/master)](https://docs.zeek.org/en/master/scripting/basics.html) detect-MHR.zeek: ##! Detect file downloads that have hash values matching files in Te...

Zeek Cheatsheet

Default log path /opt/zeek/logs Necessary sudo permission sudo su Checking Zeek version zeek -v Zeek Control Module zeekctl status zeekctl start zeekctl stop PCAP processing mode with Z...

Zeek (Bro)

A VM is attached to this room. You don’t need SSH or RDP; the room provides a “Split View” feature. Exercise files are located in the folder on the desktop. Log cleaner script “clear-logs.sh” is av...

Wireshark Traffic Analysis

Date: 03/06/2024 — NMAP Scans Nmap is an industry-standard tool for mapping networks, identifying live hosts and discovering services. As it is one of the most used network scanner tools, a ...

Wireshark Cheatsheet

Wireshark Basics Packet Lookups: Viewing File Details Statistics --> Capture File Properties Marking a Packet Edit > Mark Packet Commenting Helps with marking a pack...

Wireshark

FOR MORE PRACTICE USE DAVID BOMBAL’s playlist: https://www.youtube.com/playlist?list=PLhfrWIlLOoKMO9-7NxYN3TxCdcDecwOtj Use Cases Wireshark is one of the most potent traffic analyser tools av...

Snort Challenge I

Writing IDS rules (HTTP) Navigate to the task folder. Use the given pcap file. Write rules to detect “all TCP port 80 traffic” packets in the given pcap file. What is the number of detected...