Projects
SSH and HTTP Traffic Analysis with Snort
Objective:
Detect suspicious SSH and HTTP activities using Snort IDS and analyze network traffic anomalies.
Process and Tools Used:
Snort Configuration: I configured Snort IDS with custom rules to monitor SSH and HTTP traffic.
Traffic Logging: Captured live network traffic to detect anomalies such as brute-force attempts and unauthorized HTTP GET requests.
Alert Visualization: Used Snorby to analyze and visualize traffic patterns flagged by Snort.
Findings:
Non-standard SSH Traffic: Continuous SSH traffic between the hosts 172.29.0.1 and 172.29.0.3.
Brute-Force Attempts: Multiple SSH access attempts from 10.3.40.7 to port 22.
Suspicious HTTP Requests: Unusual HTTP GET requests from 10.3.40.16 to port 80.
Recommendations:
Access Controls for SSH: Restrict SSH access to trusted IPs and use fail2ban to block repeated failed logins.
Firewall Rules: Limit external traffic to internal networks to prevent unauthorized access.
Web Application Firewall (WAF): Use WAF to monitor and filter suspicious HTTP requests.
This project focused on configuring Snort IDS to identify real-world network anomalies, such as brute-force attacks and suspicious HTTP traffic. Using Snorby for alert visualization, I demonstrated how actionable insights can enhance organizational network security.
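The kind of custom rules the process above refers to, written here as an added illustration rather than the rules actually deployed in this project. Snort 2.9 rule syntax and the default $HOME_NET / $EXTERNAL_NET variables from snort.conf are assumed; the sids, messages and thresholds are placeholders chosen for this example.

```snort
# Added example rules (not the project's own). Assumes Snort 2.9 syntax and
# the stock http_inspect preprocessor; sid 1000001+ is the local rule range.

# SSH brute-force: every new login session starts with the client's "SSH-"
# protocol banner, so counting banners counts connection attempts.
# detection_filter suppresses the alert until one source opens 5 or more
# new SSH sessions within 60 seconds, which cuts noise from normal logins.
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 ( \
    msg:"LOCAL SSH brute-force: 5+ new sessions from one source in 60s"; \
    flow:to_server,established; \
    content:"SSH-"; depth:4; \
    detection_filter:track by_src, count 5, seconds 60; \
    classtype:attempted-admin; sid:1000001; rev:1; )

# HTTP GET requests reaching an internal web server from outside the
# trusted range. http_method anchors the match on the normalized request
# method so the content check cannot be fooled by "GET" in a body or URI.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 ( \
    msg:"LOCAL HTTP GET from untrusted source to internal web server"; \
    flow:to_server,established; \
    content:"GET"; http_method; \
    classtype:web-application-activity; sid:1000002; rev:1; )
```

Both rules log to the normal alert output, so Snorby picks them up once the rules file is included from snort.conf and Snort is restarted.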


Malicious File Detection and Analysis
Objective:
Analyze a suspicious file to detect malware and propose effective remediation strategies.
Process and Tools Used:
Network Monitoring: I began with netstat to identify unusual network connections.
File Analysis: Uploaded suspicious files to VirusTotal to perform an initial malware scan.
Deep Scanning: Verified findings using ClamAV UI, which confirmed the presence of malicious content.
Hash Identification: Generated an MD5 hash of the malicious file for identification and reporting.
Findings:
Malicious File: file176.exe
Suspicious IP: 123.35.104.34
MD5 Hash: f48a8687e91fd9ef98cd1b7aaeeb2a4c
Recommendations:
Enable Antivirus Protection: Regularly update antivirus software to detect known threats.
Hash-Based Detection: Add the malicious file’s hash to antivirus databases for proactive detection.
Network Monitoring: Implement tools to monitor unusual external IP connections.
This project emphasized my ability to quickly identify malware using industry-standard tools like VirusTotal and ClamAV, ensuring accurate detection and reporting. It showcased how network anomalies can indicate deeper file-based threats, allowing for targeted mitigations.


jaycaraballo@fortifymynetwork.tech
© 2024. All rights reserved.

