NF Post 12 : Starting up with Graylog

2001586155sefira/ January 6, 2019/ Uncategorized/ 0 comments

To begin with, download the Graylog OVA file and import it into your virtual machine. In this case, I use Oracle VirtualBox. This might take a while. When it’s finished, there will be a Graylog VM in VirtualBox. Click it and go to Settings before starting it, and change the network connection to NAT so that when it starts, there won’t

Read More

NF Post 11 : TCP and UDP

2001586155sefira/ January 4, 2019/ Uncategorized/ 0 comments

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are two transport protocols. Both of them are used for sending packets over the internet, and both are built on top of the Internet Protocol (IP). They are not the only protocols that run on top of IP, but they are the most common ones. Here is a description of each

Read More

NF Post 10 : Honeypot

2001586155sefira/ January 2, 2019/ Uncategorized/ 0 comments

If you ever wonder how to capture network attackers, then knowing about honeypots is a good thing. In computing, a honeypot is a real or simulated system designed to attract attacks on itself. So basically, a honeypot is a network system that acts as a decoy to lure cyber attackers and to detect, deflect or study hacking attempts. Honeypots rose in popularity back in the late

Read More

NF Post 9 : Network Forensics

2001586155sefira/ December 30, 2018/ Uncategorized/ 0 comments

In the previous posts, we have mentioned several topics related to network forensics. But what exactly is network forensics itself? According to A Road Map for Digital Forensic Research, a report from DFRWS 2001, network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion

Read More

NF Post 8 : Fast Flux DNS

2001586155sefira/ December 29, 2018/ Uncategorized/ 0 comments

Fast-flux is a service network technique designed to dynamically change and obscure the IP addresses of central malware servers. It makes it harder for defenders to block malicious traffic and to track the central attacker servers. Usually, to detect and block malware, network administrators build and distribute blacklists of “bad IP” addresses known to be hosting malware or acting

Read More

NF Post 7 : Network Forensics Investigative Methodology (OSCAR)

2001586155sefira/ December 28, 2018/ Uncategorized/ 0 comments

Similar to other forensic tasks, discovering and analyzing evidence from network sources has to be done in steps so that the results are accurate. Forensic investigators should perform their activities within a methodological framework. According to Sherri Davidoff and Jonathan Ham in Network Forensics: Tracking Hackers through Cyberspace, the recommended way to recover digital evidence is: Obtain information

Read More

NF Post 6 : DNS Security

2001586155sefira/ December 26, 2018/ Uncategorized/ 0 comments

To begin with, the DNS protocol translates names like something.com into IP addresses. One vulnerability of DNS is that while this process happens, an attacker can hijack it and take control of the session to, for example, send the user to the hijacker’s own malicious website. There is only one long-term solution to this vulnerability,

Read More

Centralized log

2001586155sefira/ December 13, 2018/ Uncategorized/ 0 comments

Logs are an important part of a system. Logs give information about what the system is up to. It is hard to manage logs on a system with multiple hosts. Searching for an error across many log files is hard, especially without a good tool. Centralized logging is a common answer to this problem. In centralized logging, multiple logs can be

Read More

NF Post 3 : Wireshark

2001586155sefira/ December 7, 2018/ Uncategorized/ 0 comments

Wireshark is a free, open-source GUI protocol analyzer. It enables users to interactively browse the data traffic on a computer network. Below is the default interface of Wireshark. It includes: the packet list, packet details, and packet bytes. Example usages of Wireshark: filtering based on port number, filtering based on protocol, filtering based on HTTP

Read More