Cybersecurity

  • Home
  • Cybersecurity
Cybersecurity

Combining nDPI and Wireshark for Cybersecurity Traffic Analysis
At the upcoming Sharkfest Europe 2021 we’ll talk about using Wireshark in cybersecurity. Part of the talk will focus on nDPI and Wireshark integration. Since the last release nDPI features flow risk analysis, that is basically a numerical indication of potential risks associated with a network communication ranging from ‘TLS Certificate Expired’ to more complicated ‘Suspicious DGA domain name’ and ‘SQL injection’. You can find a comprehensive list of increasingly growing risks here. For the impatiens, this is a quick guide on how to play with this integration. Prerequisite Download …
Announce

Join FOSDEM 2021 ntop sessions, Sat-Sun Feb 6-7th (online)
We are proud to announce that a couple of talks have been accepted at FOSDEM 2021, one of the most important FOSS conferences in the world that this yar will take place online due to the pandemic. In the Network monitoring, discovery and inventory devroom we will give two presentations titled “Using nDPI for  Monitoring and Security” and  “ntopng network monitoring and discovery“. In addition, ntop has been given a virtual stand to present its opensource-related activities. The ntop team will always be available in a chatroom and a series …
Cybersecurity

Security-Centric Traffic Analysis
Days ago we have given a short speak about cybersecurity at an Italian meetup. These are the presentation slides (English) where you can read more about the steps we have taken to make our tools more cybersecurity-oriented. Below you can also find the video that is only for Italian-speaking people (sorry about that). Enjoy!   …
Cybersecurity

How Attack Mitigation Works (via SNMP)
One of the greatest strengths of ntopng is its ability to correlate data originating at different layers and at multiple sources together. For example, ntopng can look at IP packets, Ethernet frames and, at the same time, poll SNMP devices. This enables ntopng to effectively perform correlations and observe: The behavior of IP addresses (e.g., Is this IP known to be blacklisted?) The MAC addresses carrying IP traffic around in the network The physical location of the MAC addresses (i.e., physical switches traversed by a given MAC address along with …
Cybersecurity

How to Detect Domain Hiding (a.k.a. as Domain Fronting)
Domain fronting is a technique that was used in 2010s by mobile apps to attempt to bypass censorship. The technique relies on a “front” legitimate domain that basically acts as a pivot for the forbidden domain. In essence an attacker performs a HTTPS connection where in the DNS (used to resolve the domain name) and TLS SNI the legitimate domain name is used, whereas inside the HTTP connection in the “Host” HTTP header it specifies the forbidden domain Recently at DEF CON 28 a new tool named Noctilucent has been …
Cybersecurity

Mice and Elephants: HowTo Detect and Monitor Periodic Traffic
Most people are used to top X: top senders, top receivers, top protocols. So in essence they are looking for elephants. While this is a good practice, mice are also very interesting as they can often be hidden in the noise. In cybersecurity noise is very good for attackers as they often try to hide themselves on it; this is in order to escape security. Many malware are programmed on a for loop fashion: do a), do b) do c) then go back to a) on an infinite loop. In …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe