• Proofpoint Wombat Security Awareness Training – Phishing Campaign Step by Step

Wombat ThreatSim® Phishing Simulations are an excellent addition to any security awareness training program, particularly those focused on fighting phishing attacks. Wombat ThreatSim Phishing Simulations serivce has SaaS-based interface which makes it easy to deliver simulated phishing emails and customizable Teachable Moments, which display targeted “just-in-time teaching” messages to individuals who fall for a phishing test.ThreatSim’s customizable email templates address…

• Ubuntu 16.04.5 LTS (Xenial Xerus) Installation Step by Step in VMWare Workstation (Not Easy Installation)

1. Ubuntu16.04 Installation 1.1 VMware Workstation Virtual Machine Creation for not easy installation If you are using VMware workstation , by default, system will do easy installation for you, which means all settings will be automatically entered by VMware Workstation. You wont need to provide too much or any information during installation process. We are not going to use this…

• Expose your local service to public: Ngrok, FRP, localtunnel

For many IT workers remotely involved with networking, it is quite common to need to expose your Intranet application to the outside world in a secured manner. Unfortunately, we work most of the time from private IP networks, be that at the workplace, at home or at the coffee shop. The router(s) or firewall (s) that stands between our workstation…

• Gartner Magic Quadrant for Enterprise Network Firewall (2018,2017,2016,2015,2014,2013,2011,2010)

Based on Gartner’s definition, the enterprise network firewall ” is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions for the data center. Customers should also have the option to…

• Gartner Magic Quadrant for SIEM Products (2018,2017,2016,2015,2014,2013,2012,2011…)

Gartner defines SIEM as a technology that aggregates data produced by security devices, network infrastructure and systems, and applications. Products in the security information and event management (SIEM) market analyze security event data and network flow data in real time for internal and external threat management. They collect, store, analyze and report on log data for incident response, forensics and…

• Best Free Network Performance Test tool – Iperf

According to wikipedia Iperf “is a commonly used network testing tool that can create TCP and UDP data streams and measure the throughput of a network that is carrying them. Iperf is a modern tool for network performance measurement written in C++.” This tool has to configure server side and client side to complete a test. It can test from…

• Gartner Magic Quadrant for Unified Threat Management (2018,2017,2016,2015,2014,2013,2012,…)

Gartner defines the unified threat management (UTM) market as multifunction network security products used by small or midsize businesses (SMBs) (< 1000 employees). 2018 Gartner Magic Quadrant for Unified Threat Management Report For leaders quadrant, no changes since 2015. Fortinet, Check Point and Sophos are in there.

• ArcSight SIEM Logger Web, Search Examples, Use Case Reports

ArcSight Logger is one of products from Micro Focus SIEM platform. It  streams real-time data and categorizes them into specific logs and easily integrates with Security Operations. As a result, organizations of any size can use this high performance log data repository to aid in faster forensic analysis of IT operations, application development, and cyber security issues, and to simultaneously…

# Posts published in “Software”

According to wikipedia Iperf “is a commonly used network testing tool that can create TCP and UDP data streams and measure the throughput of a network that is carrying them. Iperf is a modern tool for network performance measurement written in C++.” This tool has to configure server side and client side to complete a test. It can test from…

Networking Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and…

Here are some scripts and methods to do remote troubleshooting or running some commands in remote machines. I found they are very useful especially in a enterprise environment if you have your domain admin account. Prerequisites to run remote commands Install .NET Framework 4.5.2 from \\shareserver\it\$Install\Scripting prerequisites\NDP452-KB2901907-x86-x64-AllOS-ENU.exe or from https://www.microsoft.com/en-ca/download/details.aspx?id=42642 Install Windows Management Framework 5.1: copy the folder \\shareserver\it\$Install\Scripting prerequisite\Windows Management…

Microsoft Sysinternals tool Sysmon is a service and device driver, that once installed on a system, logs indicators that can greatly help track malicious activity in addition to help with general troubleshooting. Basic Sysmon Usage commands: Installation: sysmon -i -accepteula [options] Extracts binaries into %systemroot% Registers event log manifest Enables default configuration Note: Once this command runs, the Sysmon service is installed,…

In my home lab virtual environment, VMware ESXi and Workstation used to host most of my testing virtual machines. To get those VMs working together in a multi networks diagram, I always need to have a router or firewall VM. I were using all kinds of virtual routers or firwealls, such as those major vendors, Cisco, CheckPoint, Juniper, Fortinet, Palo…

Basically I am creating a script to build SSH connection from my Windows 7 network management computer to Cisco devices and have interactive commands with those Cisco devices. This has been done by many other network engineer. With Google’s help, I am able to get their experiences to quickly implement it in my home lab environment. It will be part…

1.  Install Python into Windows 1.1 Download Latest Python 2 file from https://www.python.org/downloads/windows/ Latest Python 3 Release – Python 3.7.0 Latest Python 2 Release – Python 2.7.15 1.2 Double Click download python-2.7.15.exe file to install it. 1.3 Run Python By Default, it will be installed at c:\Python27 folder C:\Users\John>cd \ C:\>cd Python27 C:\Python27>python --version Python 2.7.15 C:\Python27>python Python 2.7.15 (v2.7.15:ca079a3ea3, Apr 30…

The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag is provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers. If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission. SymDiag support most of…

Building a lab to test some Windows services , AD, DNS, DHCP, ADCS, etc. in my VMware ESXi 6 environment, to get it running smoothly and reduce some headache, I used following tricks to make my life easier. Most of work has to be done by Group Policy Management Editor. If you are running in a domain environment, create this…