Detect Reverse Shells With Wazuh! - Let's Build A Host Intrusion Detection System

Science & Technology

Join me as we use Metasploit to obtain a reverse shell on a vulnerable host, and then use Wazuh's command wodle to detect reverse shells! Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
Github Repo: github.com/OpenSecureCo/Demos...
Defend with us on Slack: bit.ly/2Pi1byt
Check us out: www.opensecure.co/
Interact with our demo: www.opensecure.co/demo
Hire us: www.opensecure.co/contact-us
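As an added example (not code from the video or the OpenSecureCo repo), here is a POSIX shell check of the kind Wazuh's command wodle could run on a schedule: it flags interactive shells whose stdin or stdout is a socket, which is how a typical reverse shell is wired up, and it ships with a constructed /proc look-alike so the logic can be exercised offline. The directory argument and the output line format are my assumptions, not Wazuh conventions.

```shell
#!/bin/sh
# Added example: a host-side reverse-shell check suitable for a Wazuh command
# wodle. Walks a /proc-style tree and reports shells whose fd 0 or fd 1 is a
# socket. The PROCDIR argument lets the check run against a constructed tree.

# find_socket_shells [PROCDIR]
# Prints one line per suspicious process; returns 0 if any found, else 1.
find_socket_shells() {
    procdir="${1:-/proc}"
    found=0
    for p in "$procdir"/[0-9]*; do
        [ -d "$p" ] || continue
        pid="${p##*/}"
        # readlink prints the link target without following it, so this also
        # works for the dangling "socket:[inode]" links /proc uses.
        exe="$(readlink "$p/exe" 2>/dev/null)" || continue
        case "${exe##*/}" in
            sh|bash|dash|zsh|ksh|ash) ;;   # only interactive shells matter here
            *) continue ;;
        esac
        fd0="$(readlink "$p/fd/0" 2>/dev/null)"
        fd1="$(readlink "$p/fd/1" 2>/dev/null)"
        case "$fd0$fd1" in
            *socket:*)
                found=1
                printf 'reverse_shell_candidate pid=%s exe=%s stdin=%s stdout=%s\n' \
                    "$pid" "$exe" "$fd0" "$fd1"
                ;;
        esac
    done
    [ "$found" -eq 1 ]
}

# build_fake_proc DIR: constructed /proc look-alike for offline testing.
# PID 101: bash with both ends on a socket (should be flagged).
# PID 202: bash on a pty (normal interactive login, must not be flagged).
# PID 303: a daemon on a socket, not a shell (must not be flagged).
build_fake_proc() {
    mkdir -p "$1/101/fd" "$1/202/fd" "$1/303/fd"
    ln -s /bin/bash "$1/101/exe"
    ln -s 'socket:[44110]' "$1/101/fd/0"
    ln -s 'socket:[44110]' "$1/101/fd/1"
    ln -s /bin/bash "$1/202/exe"
    ln -s /dev/pts/0 "$1/202/fd/0"
    ln -s /dev/pts/0 "$1/202/fd/1"
    ln -s /usr/sbin/sshd "$1/303/exe"
    ln -s 'socket:[9]' "$1/303/fd/0"
}
```

Calling `find_socket_shells` with no argument scans the live /proc; the printed line is the text a Wazuh rule would match on once the wodle forwards the command output.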

Comments: 10

  • @michailgiannopoulos5274
    3 years ago

    Cool video. Please do more about the Wazuh product. It looks phenomenal!

  • @taylorwalton_socfortress
    3 years ago

    Hey Michail, yes, Wazuh is an awesome tool :) I have a lot of other Wazuh videos, so check those out if you haven't already. Please feel free to make any recommendations for other tools! Thanks for watching!

  • @alejandroparrello6493
    A year ago

    You're the master, Taylor! 👏👏🤘🦸

  • @Damielsestrem
    7 months ago

    Hi Taylor, how can I adapt your tutorial for Windows? For example... for lateral movement with EternalBlue or something like that... is it the same way? Can you give me an example?

  • @alejandroparrello6493
    8 months ago

    Dear Taylor, I have a question: where/how did you learn about Wazuh? Just from the public Wazuh documentation? Or some official course? Regards from Argentina 👋 😊

  • @samuraidenis
    2 years ago

    Thanks again. Thoughts on shells from Windows?

  • @yassine4855
    3 years ago

    Great vid! I got a question for you, bro: I know that Wazuh can monitor network devices like firewalls and switches, but is it possible to make the firewall block IP addresses from Wazuh using the response feature?

  • @taylorwalton_socfortress
    3 years ago

    Hey Yassine, good question. Wazuh can ingest syslog, which firewalls and switches can be configured to output. However, firewalls and switches generally have their own OS, which is far different from a Linux, Windows, etc. OS, and a Wazuh agent cannot be installed on those types of OS. I recommend deploying a Wazuh agent on a jump server, bastion, reverse proxy, etc. that end users must interact with before they can get into your network. For example, one of my networks has a bastion server that users must log on to before they can interact with any internal hosts. The bastion server is a Linux distro, is facing the internet, and is running a Wazuh agent. I have active response enabled on this server, so, for example, when an IP address is observed attempting to log in with multiple failed logins, active response runs and adds their IP as an iptables drop on the bastion server. This is a server that sits behind the firewall and in front of the internal network, so no traffic can get through unless a valid user has logged onto the bastion server first, and it is a similar solution to what you are looking for. Hope that helps, and thanks for watching!

  • @isriadeputra
    A year ago

    Wrong password: admin "metallica". And I can't check the IP with "ip a" / "ifonfig"; message: command not found.

  • @antonandreea5291
    3 months ago

    Did you find the right password?
