The bulk of cyber security incidents are fairly simple, but sometimes you end up working with a whole network of hosts that are connected to each other in different ways. With this scenario in mind, I recently set out to explore the possibility of creating a Python script to automatically generate a simple network diagram to visualise things more clearly.
A while ago I wrote a post about using Python to parse tcpdump output for domains and URLs. Recently, I started to wonder if I could take that a step further. What if the DNS requests I saw could be checked against a blacklist in real time? And what if the output was presented in a more useful format? Here’s how I got these new features working.
It’s almost a year to the day that I left my journalism job and started at the SANS Cyber Retraining Academy, and I’ve written a lot of blog posts about how much I enjoyed the experience and how valuable and life-changing it was. But now I’ve been in the industry for a few months, I thought it would be interesting to explore what it didn’t prepare me for.