Showing posts from March, 2018

Open Source Intrusion Detection Tools [BEGINNER’S GUIDE]

IDS Basics

If you aren’t already running network IDS, you should be. There are two types of network IDS: signature detection and anomaly detection.

In a signature-based IDS, there are rules or patterns of known malicious traffic that it is looking for. Once a match to a signature is found, it generates an alert. These alerts can turn up issues such as malware, scanning activity, attacks against servers and much more.

With anomaly-based IDS, the payload of the traffic is far less important than the activity that generated it. An anomaly-based IDS tool relies on baselines rather than signatures. It will look for unusual activity that deviates from statistical averages of previous activities or activity that has been previously unseen. Perhaps a server is sending out more HTTP activity than usual or a new host has been seen inside your DMZ. Both are typically deployed in the same manner, though one could make the case you could easily (and people have) create an anomaly-based IDS on ext

Umbrella Dropper a phishing mechanism

PHISHING ATTACK

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information. An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.

UMBRELLA DROPPER

Umbrella Dropper is dedicated mostly to pen-testing; it downloads files on the target system and executes them without a double execution of .exe, only of embed.

Features

Download executable on target system. Silent execution. Download and execute executable one time. If the exe has already been downloaded and is running, open only pdf/docx/xxls/jp