Morpheus

Administrators
 View profile  See their activity

  • Content count

    600

  • Joined

  • Last visited

  • Days Won

    101

Morpheus last won the day on December 10 2019

Morpheus had the most liked content!

Community Reputation

28 Excellent

See reputation activity

About Morpheus

  • Rank
    Administrator

Recent Profile Visitors

27,526 profile views
  1. If the High-Volume Logging/Testing option was enabled during the initial Auto-Installer setup, the system likely generated a significant number of events. While this setting is an excellent diagnostic tool to verify that the Windows Intrusion Detection System (WinIDS) is actively receiving data—especially in environments where default traffic might take hours to trigger an alert—it is recommended to revert to the default policy once connectivity is confirmed. Procedure to Restore Default Rule Policy Follow these steps to deactivate the testing rules and return to the standard configuration: Modify Configuration: Navigate to the Pulledpork\etc folder via File Explorer. Right-click enablesid.conf and open it with Notepad. Locate the line beginning with pcre:. Comment out the line by adding a # at the start (e.g., # pcre:.) Save and exit. Clear Temporary Files: Navigate to the Pulledpork\temp folder. Delete the two files located in this directory. Close File Explorer. Update Rule Set: Open the Start Menu and open the WinSnort folder. Run the Rules Updater. This process will fetch the latest rule definitions and reconfigure Snort to the default policy setting, ensuring optimal performance and manageable log volumes.
  2. If the High-Volume Logging/Testing option was enabled during the initial Auto-Installer setup, the system likely generated a significant number of events. While this setting is an excellent diagnostic tool to verify that the Windows Intrusion Detection System (WinIDS) is actively receiving data—especially in environments where default traffic might take hours to trigger an alert—it is recommended to revert to the default policy once connectivity is confirmed. Procedure to Restore Default Rule Policy Follow these steps to deactivate the testing rules and return to the standard configuration: Modify Configuration: Navigate to the Pulledpork\etc folder via File Explorer. Right-click enablesid.conf and open it with Notepad. Locate the line beginning with pcre:. Comment out the line by adding a # at the start (e.g., # pcre:.) Save and exit. Clear Temporary Files: Navigate to the Pulledpork\temp folder. Delete the two files located in this directory. Close File Explorer. Update Rule Set: Open the Start Menu and open the WinSnort folder. Run the Rules Updater. This process will fetch the latest rule definitions and reconfigure Snort to the default policy setting, ensuring optimal performance and manageable log volumes.
  3. If the High-Volume Logging/Testing option was enabled during the initial Auto-Installer setup, the system likely generated a significant number of events. While this setting is an excellent diagnostic tool to verify that the Windows Intrusion Detection System (WinIDS) is actively receiving data—especially in environments where default traffic might take hours to trigger an alert—it is recommended to revert to the default policy once connectivity is confirmed. Procedure to Restore Default Rule Policy Follow these steps to deactivate the testing rules and return to the standard configuration: Modify Configuration: Navigate to the Pulledpork\etc folder via File Explorer. Right-click enablesid.conf and open it with Notepad. Locate the line beginning with pcre:. Comment out the line by adding a # at the start (e.g., # pcre:.) Save and exit. Clear Temporary Files: Navigate to the Pulledpork\temp folder. Delete the two files located in this directory. Close File Explorer. Update Rule Set: Open the Start Menu and open the WinSnort folder. Run the Rules Updater. This process will fetch the latest rule definitions and reconfigure Snort to the default policy setting, ensuring optimal performance and manageable log volumes.
  4. If the High-Volume Logging/Testing option was enabled during the initial Auto-Installer setup, the system likely generated a significant number of events. While this setting is an excellent diagnostic tool to verify that the Windows Intrusion Detection System (WinIDS) is actively receiving data—especially in environments where default traffic might take hours to trigger an alert—it is recommended to revert to the default policy once connectivity is confirmed. Procedure to Restore Default Rule Policy Follow these steps to deactivate the testing rules and return to the standard configuration: Modify Configuration: Navigate to the Pulledpork\etc folder via File Explorer. Right-click enablesid.conf and open it with Notepad. Locate the line beginning with pcre:. Comment out the line by adding a # at the start (e.g., # pcre:.) Save and exit. Clear Temporary Files: Navigate to the Pulledpork\temp folder. Delete the two files located in this directory. Close File Explorer. Update Rule Set: Open the Start Menu and locate and open the WinSnort folder. Run the Rules Updater. This process will fetch the latest rule definitions and reconfigure Snort to the default policy setting, ensuring optimal performance and manageable log volumes.

  5. Version

    2 downloads

    =============================================================================== WINIDS v2.4 - AUTOMATED INSTALLER (IIS/MySQL BUILD) =============================================================================== This package automates the deployment of a complete Windows Intrusion Detection System. Designed for fresh installs of Windows 10/11 or Windows Server 2016-2024 (64-bit). ------------------------------------------------------------------------------- 1. PRE-INSTALLATION ------------------------------------------------------------------------------- * Ensure you are working on a fresh OS installation. * Extract this ZIP file into an empty folder. * Open 'config.conf' and update the following four variables: $AllRules: Set to "Yes" for testing/high-volume logging or "No" for standard security defaults. $TempDir: Local path for downloaded support files (e.g., "D:\temp"). $WinIDSRoot: Local path for the final installation (e.g., "D:\winids"). $Oinkcode: Your unique 40-character Oinkcode. ------------------------------------------------------------------------------- 2. STEP 1: DOWNLOAD COMPONENTS ------------------------------------------------------------------------------- Open a Command Prompt as ADMINISTRATOR and run: powershell -NoProfile -ExecutionPolicy Bypass -NoExit -File Downloader.ps1 NOTE: If a download fails due to site security, manually download the specific version mentioned in the error, place it in your $TempDir, and re-run the script until all files are verified. ------------------------------------------------------------------------------- 3. STEP 2: INSTALL SYSTEM ------------------------------------------------------------------------------- Once downloads are complete, run the following in the Admin Command Prompt: powershell -NoProfile -ExecutionPolicy Bypass -NoExit -File Installer.ps1 The process takes ~10 minutes. The system will automatically reboot 30 seconds after completion. ------------------------------------------------------------------------------- 4. POST-INSTALLATION ------------------------------------------------------------------------------- After reboot, check the Start Menu for the "WinSnort" folder containing: * WinIDS Console (Event Monitoring) * Rules Updater (PulledPork Utility) * Database Utility (MySQL Maintenance) ===============================================================================

  6. Version

    0 downloads

    =============================================================================== WINIDS v2.4 - AUTOMATED INSTALLER (IIS/PostgreSQL BUILD) =============================================================================== This package automates the deployment of a complete Windows Intrusion Detection System. Designed for fresh installs of Windows 10/11 or Windows Server 2016-2024 (64-bit). ------------------------------------------------------------------------------- 1. PRE-INSTALLATION ------------------------------------------------------------------------------- * Ensure you are working on a fresh OS installation. * Extract this ZIP file into an empty folder. * Open 'config.conf' and update the following four variables: $AllRules: Set to "Yes" for testing/high-volume logging or "No" for standard security defaults. $TempDir: Local path for downloaded support files (e.g., "D:\temp"). $WinIDSRoot: Local path for the final installation (e.g., "D:\winids"). $Oinkcode: Your unique 40-character Oinkcode. ------------------------------------------------------------------------------- 2. STEP 1: DOWNLOAD COMPONENTS ------------------------------------------------------------------------------- Open a Command Prompt as ADMINISTRATOR and run: powershell -NoProfile -ExecutionPolicy Bypass -NoExit -File Downloader.ps1 NOTE: If a download fails due to site security, manually download the specific version mentioned in the error, place it in your $TempDir, and re-run the script until all files are verified. ------------------------------------------------------------------------------- 3. STEP 2: INSTALL SYSTEM ------------------------------------------------------------------------------- Once downloads are complete, run the following in the Admin Command Prompt: powershell -NoProfile -ExecutionPolicy Bypass -NoExit -File Installer.ps1 The process takes ~10 minutes. The system will automatically reboot 30 seconds after completion. ------------------------------------------------------------------------------- 4. POST-INSTALLATION ------------------------------------------------------------------------------- After reboot, check the Start Menu for the "WinSnort" folder containing: * WinIDS Console (Event Monitoring) * Rules Updater (PulledPork Utility) * Database Utility (PostgreSQL Maintenance) ===============================================================================

  7. Version

    0 downloads

    =============================================================================== WINIDS v2.4 - AUTOMATED INSTALLER (Apache2/MySQL BUILD) =============================================================================== This package automates the deployment of a complete Windows Intrusion Detection System. Designed for fresh installs of Windows 10/11 or Windows Server 2016-2024 (64-bit). ------------------------------------------------------------------------------- 1. PRE-INSTALLATION ------------------------------------------------------------------------------- * Ensure you are working on a fresh OS installation. * Extract this ZIP file into an empty folder. * Open 'config.conf' and update the following four variables: $AllRules: Set to "Yes" for testing/high-volume logging or "No" for standard security defaults. $TempDir: Local path for downloaded support files (e.g., "D:\temp"). $WinIDSRoot: Local path for the final installation (e.g., "D:\winids"). $Oinkcode: Your unique 40-character Oinkcode. ------------------------------------------------------------------------------- 2. STEP 1: DOWNLOAD COMPONENTS ------------------------------------------------------------------------------- Open a Command Prompt as ADMINISTRATOR and run: powershell -NoProfile -ExecutionPolicy Bypass -NoExit -File Downloader.ps1 NOTE: If a download fails due to site security, manually download the specific version mentioned in the error, place it in your $TempDir, and re-run the script until all files are verified. ------------------------------------------------------------------------------- 3. STEP 2: INSTALL SYSTEM ------------------------------------------------------------------------------- Once downloads are complete, run the following in the Admin Command Prompt: powershell -NoProfile -ExecutionPolicy Bypass -NoExit -File Installer.ps1 The process takes ~10 minutes. The system will automatically reboot 30 seconds after completion. ------------------------------------------------------------------------------- 4. POST-INSTALLATION ------------------------------------------------------------------------------- After reboot, check the Start Menu for the "WinSnort" folder containing: * WinIDS Console (Event Monitoring) * Rules Updater (PulledPork Utility) * Database Utility (MySQL Maintenance) ===============================================================================

  8. Version

    0 downloads

    =============================================================================== WINIDS v2.4 - AUTOMATED INSTALLER (Apache2/PostgreSQL BUILD) =============================================================================== This package automates the deployment of a complete Windows Intrusion Detection System. Designed for fresh installs of Windows 10/11 or Windows Server 2016-2024 (64-bit). ------------------------------------------------------------------------------- 1. PRE-INSTALLATION ------------------------------------------------------------------------------- * Ensure you are working on a fresh OS installation. * Extract this ZIP file into an empty folder. * Open 'config.conf' and update the following four variables: $AllRules: Set to "Yes" for testing/high-volume logging or "No" for standard security defaults. $TempDir: Local path for downloaded support files (e.g., "D:\temp"). $WinIDSRoot: Local path for the final installation (e.g., "D:\winids"). $Oinkcode: Your unique 40-character Oinkcode. ------------------------------------------------------------------------------- 2. STEP 1: DOWNLOAD COMPONENTS ------------------------------------------------------------------------------- Open a Command Prompt as ADMINISTRATOR and run: powershell -NoProfile -ExecutionPolicy Bypass -NoExit -File Downloader.ps1 NOTE: If a download fails due to site security, manually download the specific version mentioned in the error, place it in your $TempDir, and re-run the script until all files are verified. ------------------------------------------------------------------------------- 3. STEP 2: INSTALL SYSTEM ------------------------------------------------------------------------------- Once downloads are complete, run the following in the Admin Command Prompt: powershell -NoProfile -ExecutionPolicy Bypass -NoExit -File Installer.ps1 The process takes ~10 minutes. The system will automatically reboot 30 seconds after completion. ------------------------------------------------------------------------------- 4. POST-INSTALLATION ------------------------------------------------------------------------------- After reboot, check the Start Menu for the "WinSnort" folder containing: * WinIDS Console (Event Monitoring) * Rules Updater (PulledPork Utility) * Database Utility (PosrgreSQL Maintenance) ===============================================================================

  9. Snort Cheat Sheet

    Morpheus posted a file in Windows Security Tools

    Version 1.0.0

    10 downloads

    The Snort Cheat Sheet covers: Sniffer mode, Packet logger mode, and NIDS mode operation Snort rules format Logger mode command line options NIDS mode options Alert and rule examples
  10. You will need to bridge the two NIC's and in Windows 10 do it as below: Bridging Your Internet Connections on Windows 10 Step 1: Go to your Control Panel from the Start menu. Step 2: Navigate to Network Connections. Step 3: Click on the first NIC that you want to bridge. Step 4: Hold down the CTRL key while clicking on the second NIC that you want to bridge. Step 5: Right-click on one of the selected NICs and click "Bridge Connections." I have not tested the above on anything other than Windows 10.
  11. To test the MySQL database server and authentications open a CMD window with Administrator access and type d:\activators\db_tools\test_mysql-php7.php
  12. giganut started following Morpheus
  13. The problem is that it is not finding the base.php file, or possibly the base_conf.php file? It has to find the file first before trying to execute it. Not sure if it could be the problem but make sure the config file is correctly named: base_conf.php Maybe some sort of a permission problem with the files in the base folder? Not sure how a permission problem could be the problem when the test.php file is working. You are going to have issues with WinPcap and Npcap both installed. Use either one but not both. Note: Uninstall both and then install the one you are going to use. Make sure Snort is not running when you uninstall.
  14. Does this work: http://winids/base.php
  15. I'm not sur but there appears to be a formatting error with the Apache config. Try the attached one. Also try moving the test.php file to the base folder and then try http://winids/test.php httpd.conf
  16. dhernandez000 liked a post in a topic: ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory
  17. That is not normal?