Zeus Malware Analysis- Sophos UTM, Security Onion

I’ve posted about dynamic and automated analysis of the Zeus malware, but what about identifying Zeus from firewall & IDS logs? After executing Zeus, my Sophos UTM generated a few alerts. This is something that would absolutely stick out to me during daily log analysis. Drilling into the alert tells us threat “C2/Zaccess-A” attempted to …


Setup Port Mirroring and VLANs at Home- Managed Switch

A switch capable of port mirroring and VLAN tagging is an essential purchase for every home lab. For your home IDS to work, you’ll need to mirror network traffic traversing the switch to a dedicated port. This switch port should be connected to a NIC dedicated as the sniffing interface for your IDS. In future …
