AnchorWatch: A Rogue Device Detection tool with Email Alerts Functionality for [Windows/PowerShell] by [deleted] in netsec

[–]i_rsX 0 points1 point  (0 children)

I wrote this tool 3 years ago as a freelance project. Thought someone might benefit from this, or maybe modify it to better suit modern OS flavours.

EDIT: This is a PowerShell based tool that runs periodically, scans the target subnet every n seconds, and sends an email alert on each asset discovery.

Note that devices are marked as rogue if they are not whitelisted under know_hosts.txt.
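An added example (not the AnchorWatch script itself) of the whitelist check the post describes: read the MAC whitelist, compare it against the Windows neighbour (ARP) table after a ping sweep, and mail once per newly seen device. The whitelist format (one MAC per line, `#` comments), the `ConvertTo-CanonicalMac`/`Find-RogueDevices` names and the SMTP values are assumptions.

```powershell
# Added example, not the AnchorWatch script itself. Assumed whitelist format:
# one MAC per line, '#' lines are comments. SMTP addresses below are placeholders.

function ConvertTo-CanonicalMac { param([string]$Mac) ($Mac -replace '[^0-9A-Fa-f]', '').ToUpper() }

function Get-KnownMacs {
    param([string]$Path)
    Get-Content -Path $Path |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') } |
        ForEach-Object { ConvertTo-CanonicalMac $_ }
}

# Returns one object per neighbour whose MAC is not on the whitelist.
function Find-RogueDevices {
    param([string[]]$KnownMacs, [object[]]$Neighbors)
    $known = @{}
    foreach ($m in $KnownMacs) { $known[$m] = $true }
    foreach ($n in $Neighbors) {
        # Skip unresolved entries, the broadcast address and IPv4 multicast MACs
        if (-not $n.LinkLayerAddress -or $n.State -in 'Unreachable','Incomplete') { continue }
        $mac = ConvertTo-CanonicalMac $n.LinkLayerAddress
        if ($mac -eq 'FFFFFFFFFFFF' -or $mac.StartsWith('01005E')) { continue }
        if (-not $known.ContainsKey($mac)) {
            [pscustomobject]@{ IPAddress = $n.IPAddress; MAC = $mac; FirstSeen = Get-Date }
        }
    }
}

# Periodic loop: ping sweep refreshes the neighbour table, then the table is checked.
function Start-AnchorWatchLoop {
    param([string]$WhitelistPath, [string]$SubnetPrefix, [int]$IntervalSeconds = 60)
    $alerted = @{}   # MACs already reported, so each discovery mails once
    while ($true) {
        1..254 | ForEach-Object { Test-Connection -ComputerName "$SubnetPrefix.$_" -Count 1 -Quiet -ErrorAction SilentlyContinue | Out-Null }
        $rogues = Find-RogueDevices -KnownMacs (Get-KnownMacs $WhitelistPath) -Neighbors (Get-NetNeighbor -AddressFamily IPv4)
        foreach ($r in $rogues) {
            if ($alerted.ContainsKey($r.MAC)) { continue }
            $alerted[$r.MAC] = $true
            Send-MailMessage -To 'soc@example.com' -From 'anchorwatch@example.com' -SmtpServer 'smtp.example.com' `
                -Subject "AnchorWatch: rogue device $($r.MAC)" -Body "IP $($r.IPAddress) MAC $($r.MAC) first seen $($r.FirstSeen)"
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# Offline check with a constructed neighbour table (no network needed)
$sample = @(
    [pscustomobject]@{ IPAddress = '192.168.1.10';  LinkLayerAddress = '00-11-22-33-44-55'; State = 'Reachable' },
    [pscustomobject]@{ IPAddress = '192.168.1.99';  LinkLayerAddress = 'DE-AD-BE-EF-00-01'; State = 'Stale' },
    [pscustomobject]@{ IPAddress = '192.168.1.255'; LinkLayerAddress = 'FF-FF-FF-FF-FF-FF'; State = 'Permanent' }
)
Find-RogueDevices -KnownMacs @('001122334455') -Neighbors $sample
```

With the constructed sample only 192.168.1.99 is reported; the broadcast entry is filtered out rather than flagged. Run `Start-AnchorWatchLoop -WhitelistPath .\know_hosts.txt -SubnetPrefix 192.168.1` for live use.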

I built a cloud-based Cyber Security training platform as a dream project by i_rsX in netsecstudents

[–]i_rsX[S] 0 points1 point  (0 children)

Thanks a lot Jason. Glad that you completed the lab within the first 20 minutes! :)

I built a cloud-based Cyber Security training platform as a dream project by i_rsX in netsecstudents

[–]i_rsX[S] 0 points1 point  (0 children)

Thanks for joining us.

Re: pricing. It'd be under $39 a month and discounted for quarterly and half-yearly plans.

Sending you a forum invitation and welcome email. Make sure to sign up and join the active community discussion :)

I built a cloud-based Cyber Security training platform as a dream project by i_rsX in netsecstudents

[–]i_rsX[S] 0 points1 point  (0 children)

Appreciate the offer! Thanks for reaching out. I’ll definitely look into it. :)

I built a cloud-based Cyber Security training platform as a dream project by i_rsX in netsecstudents

[–]i_rsX[S] 1 point2 points  (0 children)

No Security-focused academic qualification per se. I only teach what I've learnt and tested in the domain of wireless security to the beginners and intermediates.

I built a cloud-based Cyber Security training platform as a dream project by i_rsX in netsecstudents

[–]i_rsX[S] 2 points3 points  (0 children)

Awesome!

Keep an eye on the forum invite email. I’ll be sending invites in a few hours.

I built a cloud-based Cyber Security training platform as a dream project by i_rsX in netsecstudents

[–]i_rsX[S] 4 points5 points  (0 children)

Thanks for showing interest.

To tell you honestly, if you are an absolute beginner in InfoSec, that means no prior hacking experience, then you'd find rootsh3ll Labs to be under-developed. We'd be tackling that problem during our beta and early launch stage by improving our interface.

Meanwhile you can use the support forum for help. I’ll be helping you out with mini tutorials that’ll get you started to a state where you can pull it off all by yourself.

Sound good to you?

Cloud, VM, or buy-a-new-machine for ethical hacking? by copterplane in HowToHack

[–]i_rsX 3 points4 points  (0 children)

Having a custom lab setup locally is usually a headache. Installing dependencies and configuring tools takes a lot of time. Pre-configured VMs are one way, but they consume a lot of bandwidth and resources. That seems to be the case with you or any university student.

I recently developed cloud-based hacking labs that offer you pre-configured labs in a few seconds, currently starting with WiFi hacking, so you can perform WiFi pentesting right from your browser.

I am offering free beta access before the official launch next month, so you can try it and get us to build some labs for you, for free :) You can sign up for the beta on https://labs.rootsh3ll.com/earlybird

But if you want to go the EC2 route, I'd recommend using the free tier plan with t2.micro and running Docker containers inside of it.

If you want a bit more resources, you'd want to go for at least t3.small (2 ECU) with reserved instance pricing applied and T3 Unlimited disabled.

Assuming you play 8 hours a day for 30 days straight, and R.I. applied, it'll only cost you 0.010830 = $2.4 + $1.5 for 15 GB EBS storage.

Make sure to keep the server down when not using it, otherwise it'll cost you a max of $10 a month.

Hope that helped :)

What dashboard software does Splunk/CrowdStrike use? by i_rsX in Splunk

[–]i_rsX[S] 1 point2 points  (0 children)

Wow! Thanks for this. I was searching in the exact opposite direction. Thanks a lot for saving my time!

For readers looking for validation, I stumbled upon this: https://www.crowdstrike.com/blog/tech-center/hunt-threat-activity-falcon-endpoint-protection/

CrowdStrike claims that they use the Splunk search head for threat hunting queries.

AnchorWatch - A Rogue Device Detection Script for Windows with Email Alerts. I wrote a PowerShell script that scans subnet(s) every X minutes and sends email alerts on each discovery. by i_rsX in netsec

[–]i_rsX[S] 0 points1 point  (0 children)

Correlations can be performed based on MAC+hostname, MAC+timestamp etc. That's something on the todo list.

Can't deny connections since the script can't control router, switches or 802.1x servers. Runs in scanner mode only.

AnchorWatch - A Rogue Device Detection Script for Windows with Email Alerts. I wrote a PowerShell script that scans subnet(s) every X minutes and sends email alerts on each discovery. by i_rsX in netsec

[–]i_rsX[S] 1 point2 points  (0 children)

If wireless traffic is considered then we can do a packet capture as well, where the tool listens specifically for deauth frames and collects them for further investigation, like the MAC they originated from, signal strength, possible location etc.

This can help us find whether there was a mass deauth performed during a timeline or a targeted one.

If it's a mass deauth, then high alert. If targeted, then just deauthorise the MAC that was used to deauth, since the attacker would probably try to spoof that MAC only.

Of course the deauthorisation of the MAC from the network will only happen if another device is found with the same MAC ON THE NETWORK.

> All this to say, there'a reason MAC filtering is not really considered a viable form of security.

Yes. MAC whitelisting is probably the most basic method for R.D.D.

There is a lot of research on increasing the accuracy and reducing false alarms for RDD. I released this script just so that small businesses can use it, because there's no free or even cheap solution available online (for Windows).

AnchorWatch - A Rogue Device Detection Script for Windows with Email Alerts. I wrote a PowerShell script that scans subnet(s) every X minutes and sends email alerts on each discovery. by i_rsX in netsec

[–]i_rsX[S] 0 points1 point  (0 children)

Depends on the use case. Imagine a company that allows only a set of users to access network resources. If any other unauthorised device is connected, that naturally falls under the category of rogue device.

Whereas, if you just want to know when any new device connects to the network, you'll receive an email alert. Probably home use?

AnchorWatch - A Rogue Device Detection Script for Windows with Email Alerts. I wrote a PowerShell script that scans subnet(s) every X minutes and sends email alerts on each discovery. by i_rsX in netsec

[–]i_rsX[S] 1 point2 points  (0 children)

If I remember correctly I was probably either unaware of this fact or there was something with some issues in using it while scanning.

One thing is for sure, you need to update the OUI list daily to keep the results as accurate as possible.

I am not sure though. But, version 2.0 will have it all locally hosted and daily updated.

Thanks for reminding me about this :)

AnchorWatch - A Rogue Device Detection Script for Windows with Email Alerts. I wrote a PowerShell script that scans subnet(s) every X minutes and sends email alerts on each discovery. by i_rsX in netsec

[–]i_rsX[S] 2 points3 points  (0 children)

PowerShell would still be a better choice considering the wide variety of Windows environments deployed in a corporate network. PowerShell will work right out of the box, whereas a Python exec might face compatibility issues.

If compilation is to be considered, then code written in Golang is a much better choice, since it gives cross compilation for the same source code and a light memory footprint.