It was a rainy weekend in southern Maine and I really didn't feel like doing chores, so I was skimming through RSS feeds and noticed a link to a PacketMaze challenge in the latest This Week In 4n6.
Since it's also been a while since I've done any serious content delivery (on the personal side, anyway), I figured it'd be fun to solve the challenge with some tools I like — namely Zeek, tshark, and R (links to those are in the book I'm linking to below), craft some real expository text around each solution, and bundle it all up into an ebook and a lighter-weight GitHub repo.
There are 11 "quests" in the challenge, requiring sifting through a packet capture (PCAP) and looking for various odds and ends (some are very windy maze passages). The challenge ranges from extracting images and image metadata from FTP sessions, to pulling out precise elements of TLS sessions, to dealing with IPv6.
This is far from an expert-level challenge, and anyone can likely work through it with a little bit of elbow grease.
As it says on the tin, not all data is "big", nor do all data-driven cybersecurity projects require advanced modeling capabilities. Sometimes you just need to dissect some network packet capture (PCAP) data and don't want to click through a GUI to get the job done. This short book works through the questions in CyberDefenders Lab #68 to show how you can get the Zeek open source network security tool, the tshark command-line PCAP analysis Swiss army knife, and R (via RStudio) working together.
If you find the resource useful or have other feedback, drop a note on Twitter (@hrbrmstr), in a comment here, or as a GitHub issue.
*** This is a Security Bloggers Network syndicated blog from rud.is authored by hrbrmstr. Read the original post at: https://rud.is/b/2021/07/20/packet-maze-solving-a-cyberdefenders-pcap-puzzle-with-r-zeek-and-tshark/