
EDR VS EPP

Endpoint Detection and Response (EDR) platforms are security systems that combine elements of next-gen antivirus with additional tools to provide real-time anomaly detection and alerting, forensic analysis and endpoint remediation capabilities.

By recording every file execution and modification, registry change, network connection and binary execution across an organization’s endpoints, EDR enhances threat visibility beyond the scope of EPPs.

Top Endpoint Detection and Response (EDR) Solutions:

Cisco Advanced Malware Protection AMP for Endpoints
FireEye Endpoint Security
Carbon Black Cb Response
Guidance Software EnCase Endpoint Security
Cybereason Total Enterprise Protection
Symantec Endpoint Protection
RSA NetWitness Endpoint
Tanium
CrowdStrike Falcon Insight
CounterTack Endpoint Threat
SentinelOne

Gartner Top EDR

https://www.gartner.com/reviews/market/endpoint-detection-and-response-solutions

Endpoint Protection Platform (EPP), aka Next Generation Anti-Virus (NGAV), is an integrated security solution designed to detect and block threats at the device level. Typically this includes antivirus, anti-malware, data encryption, personal firewalls, intrusion prevention (IPS) and data loss prevention (DLP).

Traditional EPP is inherently preventative, and most of its approaches are signature-based, identifying threats by matching them against known file signatures. The latest EPP solutions have, however, evolved to use a broader range of detection techniques.

Top NGAV / Endpoint Protection Platform (EPP) Vendors to Watch in 2019
Carbon Black
CrowdStrike
Kaspersky Lab
SentinelOne

Gartner Top EPP

https://www.gartner.com/reviews/market/endpoint-protection-platforms


RIPv2 no validate-update-source command

When a router running Routing Information Protocol (RIP) receives an update from a neighboring router, it checks whether the source address of the update belongs to the same network or subnet as the receiving interface.

If it does, the routes are accepted for installation into the routing table. Otherwise, the update is dropped.

We can change this behavior with the no validate-update-source command, as the following lab shows:


R1
interface Serial2/0
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
interface Loopback0
 ip address 1.1.1.1 255.0.0.0

R2
interface Serial2/0
 ip address 10.2.2.2 255.255.255.0
 encapsulation ppp

R2#PING 10.1.1.1
!!!!!

R2#sh ip route
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.1.1.1/32 is directly connected, Serial2/0
C        10.2.2.0/24 is directly connected, Serial2/0

R1
router rip
 ver 2
 no auto
 network 10.1.1.0
 network 1.0.0.0

R2
router rip
 ver 2
 no auto
 network 10.2.2.0

R2#sh ip route
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.1.1.1/32 is directly connected, Serial2/0
C        10.2.2.0/24 is directly connected, Serial2/0

R2
router rip
 no validate-update-source

R2#sh ip route
R     1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:01
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.1.1.1/32 is directly connected, Serial2/0
C        10.2.2.0/24 is directly connected, Serial2/0
L        10.2.2.2/32 is directly connected, Serial2/0

R2#ping 1.1.1.1
!!!!!
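To make the check concrete, here is an added Python model of the update-source validation described above (example code, not Cisco IOS code). The interface and source addresses come from the lab; the RipInterface/accept_update names are my own constructed model.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface

# Model of the RIP update-source check (added example, not Cisco code).
# An update is accepted only when its source address lies in the subnet of
# the interface that received it, unless "no validate-update-source" is set.

@dataclass
class RipInterface:
    name: str
    address: IPv4Interface                # e.g. IPv4Interface("10.2.2.2/24")
    validate_update_source: bool = True   # IOS default is to validate

def accept_update(iface: RipInterface, source: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a RIP update from `source` heard on `iface`."""
    src = IPv4Address(source)
    if not iface.validate_update_source:
        return True, f"{iface.name}: validation disabled, accepting update from {src}"
    if src in iface.address.network:
        return True, f"{iface.name}: {src} is in {iface.address.network}, accepting"
    return False, f"{iface.name}: {src} not in {iface.address.network}, dropping update"

# Lab topology from the post: R2's Serial2/0 is 10.2.2.2/24, R1 sends from 10.1.1.1.
r2_serial = RipInterface("R2 Serial2/0", IPv4Interface("10.2.2.2/24"))

def lab_before() -> bool:
    """Default behaviour: R1's update is dropped, so 1.0.0.0/8 never appears on R2."""
    return accept_update(r2_serial, "10.1.1.1")[0]

def lab_after() -> bool:
    """After 'no validate-update-source' on R2 the same update is accepted."""
    relaxed = RipInterface(r2_serial.name, r2_serial.address, validate_update_source=False)
    return accept_update(relaxed, "10.1.1.1")[0]

def same_subnet() -> bool:
    """A neighbour on the same /24 passes the default check without the command."""
    return accept_update(r2_serial, "10.2.2.1")[0]

if __name__ == "__main__":
    for label, fn in (("default", lab_before),
                      ("no validate-update-source", lab_after),
                      ("same subnet", same_subnet)):
        print(f"{label:28s} accepted={fn()}")
```

Because the command is a RIP-process-wide setting, once it is off the process will accept updates from any source address that reaches it, so in production pair it with RIPv2 MD5 authentication and passive-interface on links that have no RIP neighbours.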

 

Ambiguous Cisco Networking Terms For Beginners

1-What is optimal path & suboptimal path ?

Suboptimal means the route the packet takes is not the most efficient of all the possible routes.

Let's say you have two paths to the same destination, one T1 and one 56K: the T1 path would be the optimal path and the 56K path the suboptimal one.

Sometimes the incoming traffic uses the optimal path while the outgoing traffic uses the suboptimal path, and vice versa.

In short, the optimal path is the best one and the suboptimal path is a less good one.

 

2-What is port flapping?

Ports turning up (on) and down (off) rapidly.

3-What is link flapping?

Link flap means that the interface continually goes up and down on a Cisco device.

4-what is bouncing an interface ?

Bouncing an interface means manually issuing shutdown and then no shutdown on the interface.

5-what is route propagate?

Sending routes from hop to hop; in other words, telling (advertising to) every other router which routes you have.

6-what is network throughput?

Network Throughput refers to the volume of data that can flow through a network.

Bandwidth is the maximum amount of data that can travel through a ‘channel’.

Throughput is how much data actually does travel through the ‘channel’ successfully.

7-What is Routing Protocols Convergence ?

A converged network topology means all the routers agree on which links are up, which links are down, which links are fastest, etc., and are ready to forward traffic.

8-what is Converged Protocols ?

Converged protocols are the merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite. The primary benefit of converged protocols is the ability to use existing TCP/IP supporting network infrastructure to host special or proprietary services without the need for unique deployments of alternate networking hardware.

Examples are FCoE, iSCSI, DNP3 and MPLS.

9-What is Asymmetric routing ?

Asymmetric routing is, in general, a normal but unwanted situation in an IP network: for one reason or another, the packets of a single flow (e.g. a TCP connection) take different routes in the two directions.

10-what is explicit and implicit in ACL world ?

Explicit means something done manually (fully and clearly defined by you).

Implicit means something that happens automatically (always present).

(For your information, the same two terms are used with Microsoft AD site trusts to describe manually created and automatically created trust relationships.)

As you know, a Cisco ACL ends with an implicit deny all (deny any, or deny any any).

But we cannot log it, because it is already implied at the end of the ACL.

So we need to write an explicit deny all, so that we can add the log keyword at the end.

Extended explicit deny all:

deny ip any any log

Standard explicit deny all:

deny any log
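The following is an added Python model (not IOS code) of first-match ACL evaluation that shows why the implicit deny leaves no log entry while an explicit "deny ip any any log" does; the Ace/Acl names and the sample addresses are constructed for the example.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network

# Toy first-match ACL evaluator (added example, not IOS code). Each entry may
# carry the "log" keyword; the implicit deny at the end is not an entry at all.

ANY = IPv4Network("0.0.0.0/0")   # "any" in ACL syntax

@dataclass
class Ace:
    action: str          # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    log: bool = False    # the "log" keyword

@dataclass
class Acl:
    entries: list[Ace] = field(default_factory=list)
    log_lines: list[str] = field(default_factory=list)

    def evaluate(self, src: str, dst: str) -> str:
        """First matching entry wins; fall off the end and the implicit deny applies."""
        s, d = IPv4Address(src), IPv4Address(dst)
        for ace in self.entries:
            if s in ace.src and d in ace.dst:
                if ace.log:
                    self.log_lines.append(f"{ace.action} {s} -> {d}")
                return ace.action
        # Implicit deny: no entry, no "log" keyword, so nothing is recorded.
        return "deny"

def demo() -> tuple[str, int, str, int]:
    """Same traffic against an ACL with only the implicit deny and one with an explicit logged deny."""
    permit_web = Ace("permit", ANY, IPv4Network("192.0.2.10/32"))    # constructed sample entry
    implicit_only = Acl([permit_web])
    explicit = Acl([permit_web, Ace("deny", ANY, ANY, log=True)])     # "deny ip any any log"
    r1 = implicit_only.evaluate("198.51.100.7", "192.0.2.99")   # constructed sample packet
    r2 = explicit.evaluate("198.51.100.7", "192.0.2.99")
    return r1, len(implicit_only.log_lines), r2, len(explicit.log_lines)

if __name__ == "__main__":
    print(demo())   # both deny the packet, only the explicit entry logs it
```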


AWS Certified Solutions Architect Associate Exam Resources

In the next few weeks, I am planning to take the
AWS Certified Solutions Architect Associate Exam.
Exam released February 2018, code: SAA-C01

Certification Details:
https://aws.amazon.com/certification/certified-solutions-architect-associate/

Exam Guide:
Free PDF

Books and Resources:
1- First of all, create a Free Trial AWS account.
AWS accounts include 12 months of Free Tier access.

https://portal.aws.amazon.com/billing/signup?#/start

2- AWS Certified Solutions Architect Official Study Guide from Sybex
This one is outdated but still useful.
https://learning.oreilly.com/library/view/aws-certified-solutions/9781119138556/


But wait: the second edition will be released March 19, 2019.

3- AWS Certified Solutions Architect Associate All-in-One Exam Guide (Exam SAA-C01) from McGraw-Hill
https://learning.oreilly.com/library/view/aws-certified-solutions/9781260108262/


4- AWS Certified Solutions Architect – Associate (SAA-C01) Cert Guide, First Edition from Pearson IT Certification
https://learning.oreilly.com/library/view/aws-certified-solutions/9780135266885/


5- AWS Certified Solutions Architect Associate Videos from Livelessons
https://learning.oreilly.com/videos/aws-certified-solutions/9780135229415

When I am back from my first attempt, I will share my full experience.

Recorded Ethical Hacking Table of Contents.

Lectures [includes labs or demonstrations as well]

  • Day 00             25 minutes  Introduction to Lab Environment
  • Day 0 Video 1      27 minutes  Introduction to Linux
  • Day 0 Video 2      23 minutes  Introduction to Kali & Metasploitable
  • Day 0 Video 3      37 minutes  Introduction to OSI Layers & TCP-IP Part 1
  • Day 0 Video 4      25 minutes  Introduction to OSI Layers & TCP-IP Part 2
  • Day 0 Video 5      11 minutes  Introduction to OSI Layers & TCP-IP Part 3
  • Day 0 Video 6      12 minutes  Introduction to MS Active Directory & GPO

 

  • Day 1              2 Hours & 15 minutes   Introduction to Ethical Hacking , Footprinting
  • Day 2              2 Hours & 30 minutes   Introduction to Network Scanning, Nmap , Wireshark , Netcat
  • Day 3              2 Hours & 36 minutes   Introduction to Metasploit , CLI skills , Malware Threats
  • Day 4              2 Hours & 40 minutes   Introduction to Social Engineering, Enumeration , Cryptography
  • Day 5              4 Hours & 02 minutes   Introduction to System Hacking [Password Cracking, Stego , Delete traces] , Vulnerability Analysis, Sniffing, DoS/DDoS
  • Day 6              3 Hours & 39 minutes   Introduction to Evading IDS,FW and Honeypots , Hacking Web servers and Web Applications, SQL Injection
  • Day 7              2 Hours & 02 minutes   Introduction to Cloud , Mobile , IoT , Wireless

Labs

  • Day 1 Lab  30 minutes
  • [host , theharvester , lbd , recon-ng , exiftool]
  • Day 2 Lab 18 minutes
  • [hping3 , nmap , zenmap , colasoft packet builder]
  • Day 4 Lab 14 minutes
  • [nmap , enum4linux , rpcclient , BCTextEncoder , Hashing Cisco passwords]
  • Day 5 Lab Part 1 10 minutes
  • [L0phtcrack , ophcrack , pwdump7]
  • Day 5 Lab Part 2 18 minutes
  • [Password Cracking ftp , ssh  , VNC attack, VSFTPD attack , Unreal IRCd attack against metasploitable]
  • Day 5 Lab Part 3 10 minutes
  • [ARP poisoning using ettercap]
  • Day 5 Lab Part 4 28 minutes
  • [DHCP starvation attack, CDP flooding, SYN DoS attack, Loki , SNMP attack against Cisco Router]
  • Day 5 Lab Part 5 5 minutes
  • [OpenVAS Vulnerability Scanner]
  • Day 5 Lab Part 6 11 minutes
  • [Nessus Vulnerability Scanner]
  • Day 6 Lab Part 1 13 minutes
  • [installing XAMPP and DVWA for command execution and sql injection blind attacks]
  • Day 6 Lab Part 2 9 minutes
  • [N-Stalker Web application Vulnerability Scanner]
  • Day 6 Lab Part 3 9 minutes
  • [WordPress attack with WPScan]
  • Day 6 Lab Part 4 9 minutes
  • [BeEF XSS attack to Hijack Browser]
  • Day 6 Lab Part 5 16 minutes
  • [MYSQL attack using metasploit]
  • Day 6 Lab Part 6 5 minutes
  • [HoneyBOT]
  • Day 6 Lab Part 7 11 minutes
  • [installing WordPress TurnKey VM]
  • Day 6 Lab Part 8 15 minutes
  • [attack MYSQL database using Sqlmap]
  • Day 7 Lab 25 minutes
  • [Attack Android emulator with backdoor in apk format using Metasploit]
  • Extra Lab 1  13 minutes
  • [More Meterpreter commands & VNC Metasploit attacks]
  • Extra Lab 2  11 minutes
  • [Privilege Escalation with Metasploit UAC bypass]
  • Extra Lab 3  6 minutes
  • [Creating embedded exploit pdf with Metasploit and detect with pdf-parser, peepdf, pdfid]
  • Extra Lab 4  28 minutes
  • [More Meterpreter commands, Metasploit Arch and Armitage]
  • Extra Lab 5  5 minutes
  • [Dump hashes with Pwdump7 and crack with ophcrack]
  • Extra Lab 6  12 minutes
  • [John the Ripper, Johnny]
  • Extra Lab 7  19 minutes
  • [mimikatz]
  • Extra Lab 8  7 minutes
  • [ARP Poisoning Using Cain & Abel]
  • Extra Lab 9 25 minutes
  • [Dynamic Malware Analysis]

To get your copy send email to:

info@yasseraudalab.com