CrowdSec: A Powerful Behavioral Detection Engine

About CrowdSec

CrowdSec is a powerful behavior detection engine that is currently open source. It analyzes visitor behavior through a participatory (crowd-sourced) IPS and gives users adaptive responses to various attacks. In addition, its community feature aggregates reports into a global CTI database that protects every user's network.

CrowdSec is a free, modern, collaborative behavioral detection engine that follows the fail2ban philosophy but is IPv6 compatible and nearly 60 times faster (Go vs. Python). CrowdSec uses Grok patterns to parse logs and YAML scenarios to identify behaviors. It is designed for modern cloud/container/virtual-machine infrastructure: once a threat is detected, various protection mechanisms can be used to mitigate it. Offending IPs are reported to CrowdSec for curation and then shared among all users, further increasing everyone's security.
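To make concrete what "Grok patterns to parse logs and YAML scenarios to identify behaviors" means in practice, here is an added Python example written for this page (it is not CrowdSec's own code). It reproduces the two stages in miniature: a regular expression standing in for a grok pattern parses sshd failed-login lines into structured fields, and a leaky-bucket scenario grouped by source IP raises an alert when one address overflows it. The capacity of 5 and leak speed of 10 s are illustrative values modelled on a typical SSH brute-force scenario, the log lines are constructed, and `ssh-bf-demo` is a hypothetical scenario name.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample sshd log lines in syslog format (not from a real host).
SAMPLE_LOGS = [
    "Jan 10 12:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2",
    "Jan 10 12:00:02 host sshd[1002]: Failed password for invalid user root from 203.0.113.7 port 50212 ssh2",
    "Jan 10 12:00:03 host sshd[1003]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2",
    "Jan 10 12:00:04 host sshd[1004]: Failed password for invalid user test from 203.0.113.7 port 50213 ssh2",
    "Jan 10 12:00:05 host sshd[1005]: Failed password for invalid user oracle from 203.0.113.7 port 50214 ssh2",
    "Jan 10 12:00:06 host sshd[1006]: Failed password for invalid user guest from 203.0.113.7 port 50215 ssh2",
    "Jan 10 12:00:07 host sshd[1007]: Failed password for invalid user admin from 203.0.113.7 port 50216 ssh2",
    "Jan 10 12:00:30 host sshd[1008]: Failed password for bob from 198.51.100.4 port 40002 ssh2",
    "Jan 10 12:05:00 host sshd[1009]: Failed password for bob from 198.51.100.4 port 40003 ssh2",
]

# Constructed: six failures from one address spaced 11 s apart. With a 10 s
# leak speed the bucket drains faster than it fills, so no alert is raised.
SLOW_LOGS = [
    f"Jan 10 13:00:{i * 11:02d} host sshd[20{i:02d}]: Failed password for root from 192.0.2.9 port 4{i:04d} ssh2"
    for i in range(6)
]

# Parser stage: a regex playing the role of a grok pattern for OpenSSH
# "Failed password" lines, capturing the fields a scenario will group on.
SSHD_FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<source_ip>[0-9A-Fa-f.:]+) port (?P<port>\d+)"
)


def parse_line(line: str) -> Optional[dict]:
    """Return structured fields for a failed SSH login, or None if the line
    is not a failed login (successful logins never reach the scenario)."""
    m = SSHD_FAILED.search(line)
    if not m:
        return None
    return {
        # Syslog timestamps carry no year; strptime defaults it, which is fine
        # because only the differences between timestamps are used below.
        "at": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
        "source_ip": m.group("source_ip"),
        "user": m.group("user"),
        "log_type": "ssh_failed-auth",
    }


@dataclass
class Scenario:
    """The knobs a YAML scenario would carry: name, bucket size, leak rate
    and the event field that selects which bucket an event lands in."""
    name: str
    capacity: int
    leakspeed: timedelta
    group_by: str = "source_ip"


SSH_BF = Scenario(name="ssh-bf-demo", capacity=5, leakspeed=timedelta(seconds=10))


class LeakyBucket:
    """One event is poured in per matching log line; one event leaks out
    every `leakspeed`. Exceeding `capacity` is an overflow, i.e. an alert."""

    def __init__(self, capacity: int, leakspeed: timedelta) -> None:
        self.capacity = capacity
        self.leakspeed = leakspeed
        self.level = 0.0
        self.events = 0
        self.last: Optional[datetime] = None

    def pour(self, at: datetime) -> bool:
        if self.last is not None:
            drained = (at - self.last) / self.leakspeed  # timedelta / timedelta -> float
            self.level = max(0.0, self.level - drained)
        self.last = at
        self.level += 1.0
        self.events += 1
        return self.level > self.capacity


def run_scenario(lines: List[str], scenario: Scenario = SSH_BF) -> List[dict]:
    """Feed log lines through the parser and scenario; return one alert per
    bucket overflow. Each source IP gets its own bucket, so a noisy address
    cannot push a quiet one over the threshold."""
    buckets: Dict[str, LeakyBucket] = {}
    alerts: List[dict] = []
    for line in lines:
        evt = parse_line(line)
        if evt is None or evt["log_type"] != "ssh_failed-auth":
            continue
        key = evt[scenario.group_by]
        bucket = buckets.setdefault(key, LeakyBucket(scenario.capacity, scenario.leakspeed))
        if bucket.pour(evt["at"]):
            alerts.append({"scenario": scenario.name, "source_ip": key,
                           "at": evt["at"], "events": bucket.events})
            del buckets[key]  # tear the bucket down after overflow, as a fresh window starts
    return alerts


if __name__ == "__main__":
    for alert in run_scenario(SAMPLE_LOGS):
        print(f"{alert['scenario']}: {alert['source_ip']} overflowed after "
              f"{alert['events']} failed logins at {alert['at']:%H:%M:%S}")
```

Run as a script it reports a single overflow for 203.0.113.7 after its sixth failure, while 198.51.100.4 (two failures minutes apart) and the slow 192.0.2.9 series stay below the threshold. In CrowdSec the same behaviour is expressed declaratively in a scenario file, and the resulting alert is what a remediation component acts on; the point of the leaky bucket is that the detection keys on rate over time per source, not on a fixed count.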

CrowdSec is open-source, lightweight software that detects peers exhibiting aggressive behavior and prevents them from accessing your system. Operating CrowdSec is very simple, and it gives researchers a security protection infrastructure with a low technical barrier but high security gains.

The architecture of the project is shown in the figure below:

Tool installation

Install via package (Debian):
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
sudo apt-get update
sudo apt-get install crowdsec

Install via package (RHEL/CentOS/Amazon Linux):
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
sudo yum install crowdsec

Install via package (FreeBSD):
sudo pkg update
sudo pkg install crowdsec

Source installation:
wget https://github.com/crowdsecurity/crowdsec/releases/latest/download/crowdsec-release.tgz
tar xzvf crowdsec-release.tgz
cd crowdsec-v* && sudo ./wizard.sh -i

Tool demo

Automatic initial configuration, providing a functional out-of-the-box setup

Baseline detection works out of the box, with no fine-tuning required

Easily deploy enforcement measures

Exposes metrics that can be easily inspected with cscli

Log processing to support forensics and testing

Finally

Here is a quick way to learn network security, "perhaps" the most comprehensive approach:
1. Network security theoretical knowledge (2 days)
① Understand the industry background and prospects, and decide on a development direction.
② Learn the laws and regulations related to network security.
③ The concept of network security operations.
④ Introduction to classified protection (MLPS): regulations, procedures and standards. (Very important)

2. Penetration testing basics (one week)
① Penetration testing process, classification and standards
② Information gathering: active/passive information gathering, Nmap, Google Hacking
③ Vulnerability scanning and exploitation: principles, exploitation methods, tools (MSF), bypassing IDS and antivirus detection
④ Host attack and defense exercises: MS17-010, MS08-067, MS10-046, MS12-20, etc.

3. Operating system basics (one week)
① Common functions and commands of Windows
② Common functions and commands of Kali Linux
③ Operating system security (intrusion investigation / system hardening basics)

4. Computer network fundamentals (one week)
① Computer network fundamentals, protocols and architecture
② Network communication principles, the OSI model, the data forwarding process
③ Analysis of common protocols (HTTP, TCP/IP, ARP, etc.)
④ Network attack techniques and network security defense techniques
⑤ Web vulnerability principles and defenses: active/passive attacks, DDoS attacks, CVE vulnerability reproduction

5. Basic database operations (2 days)
① Database fundamentals
② SQL language basics
③ Database security hardening

6. Web penetration (1 week)
① Introduction to HTML, CSS and JavaScript
② OWASP Top 10
③ Web vulnerability scanning tools
④ Web penetration tools: Nmap, Burp Suite, SQLMap and others (China Chopper, vulnerability scanners, etc.)


Congratulations: once you have learned this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services or security analysis; if you learn the security module well, you can also work as a security engineer. The salary range is 6k-15k.

So far, that is about a month, and you have become a "script kiddie". Do you still want to explore further?


Origin: blog.csdn.net/Android_boom/article/details/132101083