all InfoSec news
Detecting Kali machine on network using Suricata
Feb. 11, 2023, 11:15 a.m. | /u/L0GFL00D
cybersecurity www.reddit.com
I am currently getting into writing my own Suricata rules and I am trying to detect the presence of a Kali Linux machine on a network. I already have an effective way to detect a machine doing updates via \`apt update\` and \`apt upgrade\` via the IP address associated with the DEB repositories for Kali. This works quite well and as a SOC analyst I've detected a pentester with this more than once. However, I would like to …
address analyst apt cybersecurity detect doing hello ip address kali kali linux linux machine network own pentester repositories rules soc soc analyst suricata update updates upgrade writing
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
Intermediate Security Engineer, (Incident Response, Trust & Safety)
@ GitLab | Remote, US
Journeyman Cybersecurity Triage Analyst
@ Peraton | Linthicum, MD, United States
Project Manager II - Compliance
@ Critical Path Institute | Tucson, AZ, USA
Junior System Engineer (m/w/d) Cyber Security 1
@ Deutsche Telekom | Leipzig, Deutschland