Eventually you will use your favourite language to check for open TCP ports. Plain Python with Sockets is perfectly fine, but you could also learn how to use Scapy + Python to raise your game to a new level.

#porttest #python #linux #devops #coding #scapy

https://www.redhat.com/sysadmin/test-tcp-python-scapy

Another article on the queue, how you don't let your friends to test TCP port with telnet, the same way you don't use tanning beds due health concerns:

https://github.com/josevnz/StopUsingTelnetToTestPorts

#telnet #tcp #testing #ports #nmap #scapy #expect

First time in months (years?) that I have to do some packet creation with #Scapy. And the last VM with all the earlier recipes is gone. I feel like a noob again.

Python Pakete installieren oder Updaten via Setup-Skript
Um nicht ständig einzelne Python Pakete nachzuinstallieren, bietet sich an in Python eine Setup Datei zu schreiben. Hier in diesem Beispiel habe ich einen Python Skript geschrieben, das mir es ermöglicht, die Pakete, die ich ständig benötige na
https://www.dev-crowd.com/2023/03/27/python-pakete-installieren-oder-updaten-via-setup-skript/
#Programmierung #Python #Requests #Scapy #Selenium #Webdriver #Package #Packages #Python #Setup

Hey, back with another #CTFWriteup - this time on #PicoGym.

But wait, there's a twist!

For this #forensics challenge involving extracting files from a packet capture, I opted to use scapy to build my own tools, rather than use Wireshark's built-in tooling.

Why? To learn #scapy and practice the process of researching a new security thing!

Read the full #article here:
https://allyring.github.io/picoctf-tftp

Thanks :D

🌐 Want to learn how to master Scapy and build your own IPv6 attacks? Then sign up for Guillaume Valadon's (@guedou) #cybersecurity training on #IPv6 Network Security with #Scapy!

🎟️ https://ringzer0.training/trainings/ipv6-network-security-with-scapy.html

Welche Arten von manuellen Testfällen sollten für Regressionstests automatisiert werden?

https://www.dev-crowd.com/2023/01/24/welche-arten-von-manuellen-testfaellen-sollten-fuer-regressionstests-automatisiert-werden/
#Agile #Betatester #Engineering #ExplorativesTesten #Kreativität #LoadandPerformance #Mocking #Mutation-Testing #OwaspZap #PenetrationTest #Penetrationtest #Postman #Programmierung #Python #Regressions-Test #Requests #RestAPI #Scapy #Security #Selenium #TestEngineering #Testmana

🌐 Want to learn how to master Scapy and build your own IPv6 attacks? Then sign up for Guillaume Valadon's (@guedou) training on #IPv6 Network Security with #Scapy!

🎟️ https://ringzer0.training/trainings/ipv6-network-security-with-scapy.html

↩️ ICYMI - our #RETURN2WORKSHOPS videos are now available online! This weekend, expand your knowledge on #Scapy, #ARM64, and #Cryptography. Watch #free #infosec #workshops by our awesome instructors Guillaume Valadon (@guedou), Saumil Shah (@therealsaumil), and JP Aumasson (@veorq)!

🎥 https://youtube.com/playlist?list=PLVdN3CvFiQpdGVgwBdfWfgpMdYiYGW4xh

As a way to ring in the new year, we’re releasing the videos of the #RETURN2WORKSHOPS event of last December! First up is Guillaume Valadon (@guedou), who will tell you all about #Scapy, and how to use it to manipulate packets. Watch “SCAPY, from S to Y!” for #free!

🎥 https://youtu.be/mzTZRf8Fw3Y

Are you interested in learning more about Scapy? Then sign up for Guillaume’s #training in February: “#IPv6 Network Security with Scapy”. Go to our website for more details and to sign up!

🎟️ https://ringzer0.training/trainings/ipv6-network-security-with-scapy.html

Aujourd'hui, j'ai eu l'occasion de ressortir #scapy au travail, cela faisait tellement longtemps que j'en avais pas eu l'occasion… :blobaww: Le démarrage a montré que j'étais un peu rouillé mais j'ai fini par réussi à le faire fonctionner pour mon cas d'usage ! :blobmelt:

📅 Have some free time tomorrow? Why not brush up on your #Scapy skills with Guillaume Valadon’s (@guedou) #free workshop “#SCAPY, from S to Y!” - sign up today to score the last tickets!

🎟️ https://ringzer0.training/workshops.html

🕗 Can’t wait till @guedou’s training in February? There are still #FREE tickets left for Guillaume’s #workshop “#SCAPY, from S to Y!” - so sign up now for his #cybersecurity workshop this Wednesday!

🎟️ https://ringzer0.training/workshops.html

@reswob
I'm going to summarize.
This really good write up on how to use simple, readily available tools to perform good security research. And it is written in such a way that even a beginner could follow it.
They used #kalilinux, specifically #wireshark, #scapy, and an arpspoof #python script (there are tools in Kali that can do this for you like #dsniff or #ettercap, but they probably did not need something that full featured).
They debugged the protocol to figure out where the PSI values were stored and then built a MiTM script, also in python, that could manipulate embedded data in either direction or both directions.
Simplest fix is "encrypt your protocol".

🌐 Want to learn how to master Scapy and build your own IPv6 attacks? Then sign up for Guillaume Valadon's (@guedou) training on #IPv6 Network Security with #Scapy!

🎟️ https://ringzer0.training/trainings/ipv6-network-security-with-scapy.html

🎄‘T is the season of giving! And what better gift than knowledge? Join us for our FREE annual December Workshop #Advent Calendar with three awesome #workshops about #SCAPY, #ARM64, and #Cryptography!

Which will you attend? Sign up for free now!

🎁 https://ringzer0.training/workshops.html

A workshop that I have delivered years ago that I’m still excited about - “The Art of Packet Crafting with Scapy”.

A workshop where you’ll learn the nitty-gritty details of networking while programming in #python and #scapy

In my opinion, this is one of the best ways to learn Networking that they don’t teach you in a classroom.

https://scapy.disruptivelabs.in/

@crashoverrid3
Threat Hunting is not a primary part of our job. Our team is very small so Threat Hunting is a "when you have time" exercise. Most of time, we have automated tools that say something is a threat and then we prove it using other, manual tools and techniques.
With that said, here are my tips.
First and foremost, knowing what "normal" is for wherever it is you are hunting. You have to know what it should look like before you can detect an anomaly.
Second, access to time-synched security and application logs through a log aggregator like #Splunk. Careful log analysis can find a needle in a stack of needles if you have enough corroborating information.
I generally write quick scripts in #PowerShell or #bash and I have a co-worker to does the same with #Python.
For web apps, something like #BurpSuite or OWASP ZAP that can be used as a proxy.
To detect things on the network, flow data analysis is always good. Top and bottom talkers.
Traffic on unusual ports
For threats that would be using some sort of open port, I start with #nmap making use of its huge library of scripts and it's user friendly performance options. As a bonus, you can dump the results to parseable output files for use by other tools. I'd love to say I use #scapy and #hping3 but honestly nmap is normally good enough for what I do.
I'll check #metasploit to see if they have anything relevant to what I'm searching for, but often they don't.
And we have multiple agents on our endpoints that can check the file system for specific file hash values or we can have our admin team run scripts from their management tools to reach out and touch every system to look for a file.

I love #scapy for crafting packets but gee the documentation is lacking. Even the API reference is mostly just a pointer to the source to read what's actually possible with each layer. #infosec

🌐 Want to learn how to master Scapy and build your own IPv6 attacks? Then sign up for Guillaume Valadon's training on #IPv6 Network Security with #Scapy!

🎟️ https://ringzer0.training/trainings/ipv6-network-security-with-scapy.html

🧵 3/10