Practical Wireshark

Wireshark: Packets: In a real-world blue team operation, threat analysts are usually given ‘PCAP’ files to analyze which systems are affected by the malware, what the attacker's C2 server is, where the malware spread from and at what time, what the IPs of the infected systems are, etc. What are PCAP files? -> A PCAP file is the exported format of data captured by Wireshark from Layers 2-7 of the OSI model. We can share that captured data with anyone to analyze what happened in the network within this timeframe. ...

October 12, 2025 · 2 min · 273 words · 0x-s0M3n4th

Practical Snort

How snort works: snort IDS network implementation: Lab environment: we are not going to use this lab env, just for the sake of simplicity of this exercise. Installing snort on ubuntu 20.04 LTS: Before installing, make sure promisc mode is on. While installing you will be prompted to provide the interface name and subnet range. sudo apt-get install snort -y cd /etc/snort # The snort config files are stored there. Now we need to make a backup of the snort config files -> to copy the file we need to have elevated privileges. cp snort.conf snort-backup.conf ...

October 12, 2025 · 3 min · 578 words · 0x-s0M3n4th

Practical Wazuh

Installing Wazuh on ubuntu 20.04 LTS step 1: curl -sO https://packages.wazuh.com/4.12/wazuh-install.sh && sudo bash ./wazuh-install.sh -a This will take some time, and it will install all Wazuh services; at the end it will provide the username and password of the Wazuh server as well as the port it is running on. Then you need to disable Wazuh auto-update using this command -> sed -i "s/^deb /#deb /" /etc/apt/sources.list.d/wazuh.list apt update Note: You can find the passwords for all the Wazuh indexer and Wazuh API users in the wazuh-passwords.txt file inside wazuh-install-files.tar. To print them run the following command -> ...

October 12, 2025 · 1 min · 201 words · 0x-s0M3n4th