Ippsec's First Look at CrowdSec and Setting It Up - Stealthily Forward Malicious Users to Honeypots

00:00 - Intro talking about CrowdSec and its multiplayer firewall
01:04 - Showing my setup: 3 web servers, 2 attack servers
02:20 - Installing CrowdSec
03:30 - Going over the command line interface (cscli), showing decisions
04:10 - Showing decisions -a to go over every CrowdSec ban list
07:45 - Attacking the web server, showing it detect the SSH brute force
08:25 - Installing the CrowdSec Bouncer, then showing the attack box is now blocked
09:10 - Using iptables and ipset to show how CrowdSec blocks things
11:20 - Looking at Collections and Scenarios to see how CrowdSec works
12:20 - Looking at the CrowdSec documentation to understand the inner workings
15:13 - Showing CrowdSec would block us for using GoBuster
17:40 - Installing the dashboard to see the fancy graphical reporting from CrowdSec
20:40 - Logged into the Dashboard
21:25 - Deleting decisions from CrowdSec to allow IPs to connect again
22:50 - Setting up a local CrowdSec cluster so agents talk to each other
29:20 - Setting up the bouncers to all share signatures
37:20 - Looking at the bouncer logs to see why it was broken. Updating the ApiURL; then our local cluster is set up and working
42:50 - Showing the cluster is working by having all hosts block simultaneously
45:45 - Showing a GoBuster run would cause the host to be blocked everywhere
48:00 - Using the Dashboard's SQL web client to extract information
52:00 - Explaining how our honeypot is going to work
52:56 - Configuring WEB-02 to forward SSH to another host instead of blocking it
57:15 - The final iptables commands to forward traffic
58:50 - Installing Cowrie, the SSH honeypot
1:06:35 - The final demo: getting blocked from WEB-01, then attempting to SSH to WEB-02 and immediately landing in the honeypot
