Adding Suricata IDS to the proxy - Purple Tutorial

Contents

• Introduction Introduction

  • Learning how to use Kali Purple

    39s
  • (Locked)
    What you should know

    40s
  • (Locked)
    Disclaimer

    1m 10s
• 1. Building a Cyber Range 1. Building a Cyber Range

  • Introduction to Kali Purple

    5m 37s
  • (Locked)
    Introduction to virtualization

    3m 31s
  • (Locked)
    Virtualization using Proxmox

    4m 5s
  • (Locked)
    A first look at Proxmox

    5m 23s
  • (Locked)
    Installing Kali Linux

    6m 44s
  • (Locked)
    A quick tour of Kali Linux

    7m 39s
  • (Locked)
    Installing the Kali Purple workstation

    5m 40s
  • (Locked)
    A quick tour of Kali Purple

    3m 21s
  • (Locked)
    A first look at the Kali Purple servers

    2m 37s
  • (Locked)
    Creating a Kali Purple server template

    5m 15s
• 2. Proxy/IDS 2. Proxy/IDS

  • Setting up NGINX as a proxy server

    6m 1s
  • (Locked)
    Adding Suricata IDS to the proxy

    2m 37s
  • (Locked)
    Setting up a public web server

    3m 44s
  • (Locked)
    Creating a Linux application server

    5m 30s
  • (Locked)
    Creating a Windows application server

    5m 2s
  • (Locked)
    Installing the juice shop

    3m 41s
  • (Locked)
    Installing virtual machines in the lab

    4m 58s
  • (Locked)
    Using kali-autopilot to generate attack scripts

    9m 27s
  • (Locked)
    Running an attack on autopilot

    3m 44s
• 3. Vulnerabilty Scanning 3. Vulnerabilty Scanning

  • Web scanning with ZAP

    2m 15s
  • (Locked)
    Installing GVM

    3m 46s
  • (Locked)
    Running a vulnerabilitty scan with GVM

    3m 47s
• 4. Security Monitoring with ELK 4. Security Monitoring with ELK

  • (Locked)
    Installing the ELKStack SIEM

    8m 19s
  • (Locked)
    Upgrading Kibana to HTTPS

    5m 39s
  • (Locked)
    Configuring log integrations

    3m 48s
  • (Locked)
    Installing the Fleet server

    2m 51s
  • (Locked)
    Enrolling hosts into the Fleet server

    6m 58s
  • Enhancing our logs

    9m 19s
  • (Locked)
    Detecting reconnaissance with ELKStack

    7m 20s
  • (Locked)
    Detecting exploitation with ELKStack

    4m 56s
  • (Locked)
    Monitoring alerts with ELKStack

    4m 39s
• 5. Security Monitoring with Wazuh 5. Security Monitoring with Wazuh

  • Installing the Wazuh SIEM

    5m 24s
  • (Locked)
    Installing a Wazuh Linux agent

    3m 20s
  • (Locked)
    Installing a Wazuh Windows agent

    1m 32s
  • (Locked)
    Collecting NGINX logs in Wazuh

    5m 20s
  • (Locked)
    Monitoring an attack with Wazuh

    4m 48s
  • (Locked)
    Detecting webshells with Wazuh

    7m 42s
  • (Locked)
    Activating vulnerability scanning

    3m 45s
• 6. Threat Hunting 6. Threat Hunting

  • (Locked)
    Understanding Malcolm for threat hunting

    1m 30s
  • (Locked)
    Installing Malcolm

    2m 48s
  • (Locked)
    A tour of Cyberville with Malcolm

    6m 45s
  • (Locked)
    Threat hunting with Malcolm

    7m 41s
  • (Locked)
    Deep diving with Malcolm's Arkime

    4m 49s
• 7. Threat Intelligence 7. Threat Intelligence

  • (Locked)
    Exchanging threat intelligence

    2m 5s
  • (Locked)
    Installing OpenTaxii

    7m 15s
  • (Locked)
    Working with the cabby client library

    5m 58s
  • (Locked)
    Installing the OpenCTI threat intelligence system

    5m 29s
  • (Locked)
    Working with the OpenCTI threat intelligence system

    10m 2s
• 8. Incident Response 8. Incident Response

  • (Locked)
    Installing Velociraptor

    6m 40s
  • (Locked)
    Connecting Linux hosts to Velociraptor

    5m
  • (Locked)
    Connecting Windows hosts to Velociraptor

    2m 16s
  • (Locked)
    Running commands remotely from Velociraptor

    59s
  • (Locked)
    Accessing client files with VFS

    2m 30s
  • (Locked)
    Hunting with Velociraptor

    5m 44s
• Conclusion Conclusion

  • (Locked)
    Next steps

    1m 25s