Ippsecs First Look and Setting up CrowdSec - Stealthfully Forward Malicious Users to Honeypots

Name: Ippsecs First Look and Setting up CrowdSec - Stealthfully Forward Malicious Users to Honeypots
Uploaded: 2022-04-14T22:31:23Z
Channel: IppSec
Description: 00:00 - Intro talking about crowdsec and its multiplayer firewall 01:04 - Showing my setup, 3 web servers, 2 attack servers 02:20 - Installing Crowdsec ...

IppSec · Beginner ·📊 Data Analytics & Business Intelligence ·3y ago

00:00 - Intro talking about crowdsec and its multiplayer firewall 01:04 - Showing my setup, 3 web servers, 2 attack servers 02:20 - Installing Crowdsec 03:30 - Going over the command line interface, CSCLI showing decisions 04:10 - Showing descisions -a to go over every CrowdSec ban list 07:45 - Attacking the webserver, showing it detect the SSH Brute Force 08:25 - Installing the CrowdSec Bouncer, then showing the attack box is now blocked 09:10 - Using iptables and ipset to show how CrowdSec Blocks things (with iptables) 11:20 - Looking at Collections and Scenarios to see how CrowdSec works 1…

Watch on YouTube ↗ (saves to browser)

Chapters (25)

Intro talking about crowdsec and its multiplayer firewall

1:04 Showing my setup, 3 web servers, 2 attack servers

2:20 Installing Crowdsec

3:30 Going over the command line interface, CSCLI showing decisions

4:10 Showing descisions -a to go over every CrowdSec ban list

7:45 Attacking the webserver, showing it detect the SSH Brute Force

8:25 Installing the CrowdSec Bouncer, then showing the attack box is now blocked

9:10 Using iptables and ipset to show how CrowdSec Blocks things (with iptables)

11:20 Looking at Collections and Scenarios to see how CrowdSec works

12:20 Looking at the CrowdSec documentation to understand the inner workings

15:13 Showing Crowdsec would block us for using GoBuster

17:40 Installing the dashboard to see the fancy graphical reporting from CrowdSec

20:40 Logged into the Dashboard

21:25 Deleting descisions from CrowdSec to allow IP's to connect again

22:50 Setting up a local crowdsec cluster, so agents talk to eachother

29:20 Setting up the bouncers to all share signatures

37:20 Looking at the bouncer logs, to see why it was broken. Updating the ApiURL, th

42:50 Showing the cluster is working by having all hosts block simultaniously

45:45 Showing a gobuster would cause the host to blocked everywhere

48:00 Using the Dashboards SQL Web Client to extract information

52:00 Explaining how our honey pot is going to work

52:56 Configuring WEB-02 to forward SSH to another host instead of blocking it

57:15 The final iptables commands to forward traffic

58:50 Installing Cowrie, the SSH Honey pot

1:06:35 The final demo, Getting blocked from WEB-01, then attempting to SSH to WEB-02

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →