Wazuh Proof of Concept: Difference between revisions
(→Plan) |
| (One intermediate revision by the same user not shown) | |||
| Zeile 3: | Zeile 3: | ||
*sudo update-alternatives --set iptables /usr/sbin/iptables-nft | *sudo update-alternatives --set iptables /usr/sbin/iptables-nft | ||
*sudo iptables -L | *sudo iptables -L | ||
| − | + | =Plan= | |
| − | + | {{#drawio:wazuh-profofoconcept}} | |
=Proof of Concept= | =Proof of Concept= | ||
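Review bot: the diagram name in the added `{{#drawio:wazuh-profofoconcept}}` line reads "profofoconcept", which looks like a typo for "proofofconcept"; if the diagram is not yet referenced elsewhere under that name, rename it now. The new =Plan= section also contains nothing but the embedded diagram, so a one-line description of what the diagram shows would keep the section readable when the draw.io extension does not render.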
Latest revision as of 18 September 2025, 06:04
Preparation when using a Debian system
- sudo apt install iptables
- sudo update-alternatives --set iptables /usr/sbin/iptables-nft
- sudo iptables -L
Plan
Proof of Concept
- Blocking a known malicious actor
- File integrity monitoring
- Detecting a brute-force attack
- Monitoring Docker events
- Detecting unauthorized processes
- Network IDS integration
- Detecting an SQL injection attack
- Detecting suspicious binaries
- Detecting and removing malware using VirusTotal integration
- Detecting a Shellshock attack
- Vulnerability detection
