I remember the first time I encountered VMware Workstation, I was amused by the wizardry! I was just getting into tech and I wanted to try things out – Linux […]
In this post, I will be conducting a SOC analysis / investigation of an alert generated on a SIEM (using letsdefend.io) to determine if a suspicious attachment in an email […]
Setting up Elastic Defend: this is the EDR (Endpoint Detection and Response) agent, and we use it to generate some telemetry. ES > Management > Integrations > Elastic Defend > Add Elastic Defend > Select existing host […]
In investigating a C2, you will consider the following ways: – Network telemetry (established C2 sessions leave a lot of back-and-forth telemetry) – Heartbeat (you can use a tool […]
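The heartbeat angle above comes down to timing: an implant that sleeps and checks in on a timer produces connection gaps that stay regular even with jitter, while a human-driven client produces bursts and long idle periods. The following is an added example, not code from the original post (the tool it goes on to name is cut off in the excerpt). It groups constructed flow records by (source, destination, port) and flags pairs whose inter-connection gaps have a low coefficient of variation; the record layout, the 8-connection minimum and the 0.2 cv cut-off are assumptions.

```python
"""Beacon (heartbeat) detection over connection logs.

Added example, not code from the original post. The flows below are
constructed; the field layout and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import statistics


def make_sample_flows():
    """Constructed flows: a 60 s check-in with +/-3 s jitter (beacon-like)
    and a burst of ordinary browsing from another host.
    Tuple layout (assumed): (timestamp, src, dst, dst_port, bytes_out, bytes_in).
    """
    base = datetime(2024, 1, 1, 9, 0, 0)
    flows = []
    jitter = [0, 2, -3, 1, -1, 3, 0, -2, 2, 1, -3, 0]
    for i, j in enumerate(jitter):
        flows.append((base + timedelta(seconds=60 * i + j),
                      "10.0.0.5", "203.0.113.10", 443, 412, 380))
    for s in [0, 7, 9, 45, 48, 300, 301, 302, 900]:
        flows.append((base + timedelta(seconds=s),
                      "10.0.0.7", "198.51.100.20", 443, 1800, 52000))
    return sorted(flows)


def beacon_candidates(flows, min_connections=8, max_cv=0.2):
    """Flag (src, dst, port) pairs whose connection intervals are regular.

    cv = population stddev / mean of the gaps between consecutive
    connections. Browsing gives high cv (bursts, then idle); a sleeping
    implant gives low cv even with jitter applied to each sleep.
    """
    times = defaultdict(list)
    bytes_out = defaultdict(list)
    for ts, src, dst, port, out_b, _in_b in flows:
        times[(src, dst, port)].append(ts)
        bytes_out[(src, dst, port)].append(out_b)

    hits = []
    for key, ts_list in times.items():
        if len(ts_list) < min_connections:
            continue
        ts_list.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({
                "pair": key,
                "connections": len(ts_list),
                "interval_s": round(mean, 1),
                "cv": round(cv, 3),
                "avg_bytes_out": round(statistics.mean(bytes_out[key])),
            })
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(make_sample_flows()):
        print(hit)
```

On the constructed data only the 10.0.0.5 to 203.0.113.10 pair is reported, with a 60 s interval and a cv around 0.06; the browsing host has enough connections but its gaps are far too irregular. The small, near-constant request size is the second signal worth keeping in the output, since check-ins that carry no tasking look alike from one poll to the next.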
Investigating the things to look for in a brute force attack. Go to ES > Security > Alerts. We look to investigate the following when we investigate an alert and […]
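When triaging a brute-force alert the questions are usually the same: how many failures, from which source, against how many accounts, over what window, and did any of the targeted accounts then succeed from the same source. The following is an added example, not code from the original post: it runs that triage over constructed logon events, distinguishes a single-account brute force from a password spray, and flags a success following the failures. Field names, the 300 s window and the 5-failure threshold are assumptions.

```python
"""Brute-force / password-spray triage over authentication events.

Added example, not code from the original post. Events are constructed;
field names, window and threshold are assumptions.
"""
from collections import defaultdict


def make_sample_auth_events():
    """Constructed logon events (ts in seconds)."""
    events = []
    # 192.0.2.1: eight failures against one account, then a success.
    for i in range(8):
        events.append({"ts": 10 * i, "src": "192.0.2.1",
                       "user": "admin", "outcome": "failure"})
    events.append({"ts": 85, "src": "192.0.2.1",
                   "user": "admin", "outcome": "success"})
    # 192.0.2.2: one failure each against five accounts, no success.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin"]):
        events.append({"ts": 200 + 10 * i, "src": "192.0.2.2",
                       "user": user, "outcome": "failure"})
    # 10.0.0.9: a user mistyping twice, then logging in (benign).
    events += [
        {"ts": 300, "src": "10.0.0.9", "user": "frank", "outcome": "failure"},
        {"ts": 305, "src": "10.0.0.9", "user": "frank", "outcome": "failure"},
        {"ts": 320, "src": "10.0.0.9", "user": "frank", "outcome": "success"},
    ]
    return events


def auth_findings(events, window_s=300, fail_threshold=5):
    """Per source IP: find a window holding >= fail_threshold failures,
    label it brute_force (one account) or password_spray (many accounts),
    and record whether a targeted account later succeeded from that source.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["outcome"] == "failure"]
        for first in fails:
            # Sliding window anchored on each failure in turn.
            window = [e for e in fails
                      if first["ts"] <= e["ts"] < first["ts"] + window_s]
            if len(window) < fail_threshold:
                continue
            users = {e["user"] for e in window}
            success_after = any(
                e["outcome"] == "success" and e["ts"] >= first["ts"]
                and e["user"] in users
                for e in evs)
            findings.append({
                "src": src,
                "pattern": "password_spray" if len(users) > 1 else "brute_force",
                "failures": len(window),
                "accounts": sorted(users),
                "success_after": success_after,
            })
            break  # one finding per source is enough to open a ticket
    return findings


if __name__ == "__main__":
    for f in auth_findings(make_sample_auth_events()):
        print(f)
```

On the sample data the two attacking sources are reported and the mistyping user is not; the `success_after` flag on 192.0.2.1 is the detail that turns a noisy alert into an incident, because the failures are then followed by a valid logon that needs to be treated as compromised.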
A ticketing system helps keep track of the task at hand and provides an audit trail and accountability. From a SOC perspective, a ticketing system is essential in fulfilling the AAA (authentication, authorization and accounting) framework […]
Investigating our recent Mythic activity, we return to ES > Discover. Here we search for “svchost-ifebamba.exe”, which is our payload, and get the log information below: – we can see […]
Set up Kali Linux on your local system (not in the cloud). This will be our attack machine for the command and control operation. The Mythic server requires a minimum of 2 vCPUs […]
Executing a malicious executable may trigger other commands that gather information about your device or network, such as whoami, ipconfig, nslookup, net user, etc. Such malware can persist in […]
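The discovery commands listed above are individually unremarkable; the signal is several of them spawned by the same parent within a short time right after an unknown executable runs. The following is an added example, not code from the original post: it walks constructed, Sysmon-like process-creation events and alerts when one parent runs three or more distinct discovery binaries inside a 120 s window, while leaving a lone `ipconfig /all` from an administrator alone. Field names, the binary list, the window and the threshold are assumptions.

```python
"""Detecting post-execution discovery bursts (whoami, ipconfig, nslookup,
net user ...) in process-creation telemetry.

Added example, not code from the original post. Events are constructed in
a Sysmon-like shape; field names, window and threshold are assumptions.
"""
from collections import defaultdict

# Discovery binaries commonly run right after a payload executes (assumed list).
DISCOVERY = {"whoami.exe", "ipconfig.exe", "nslookup.exe", "net.exe",
             "net1.exe", "systeminfo.exe", "hostname.exe"}


def make_sample_events():
    """Constructed process-creation events; ts is seconds since an epoch."""
    sys32 = r"C:\Windows\System32"
    return [
        # Payload spawns a shell (pid 5000), which runs four discovery
        # commands within about 40 seconds.
        {"ts": 100, "host": "WS01", "pid": 5000, "parent_pid": 4120,
         "parent_image": r"C:\Users\bob\Downloads\svchost-ifebamba.exe",
         "image": sys32 + r"\cmd.exe", "cmdline": "cmd.exe"},
        {"ts": 102, "host": "WS01", "pid": 5001, "parent_pid": 5000,
         "parent_image": sys32 + r"\cmd.exe",
         "image": sys32 + r"\whoami.exe", "cmdline": "whoami"},
        {"ts": 110, "host": "WS01", "pid": 5002, "parent_pid": 5000,
         "parent_image": sys32 + r"\cmd.exe",
         "image": sys32 + r"\ipconfig.exe", "cmdline": "ipconfig"},
        {"ts": 125, "host": "WS01", "pid": 5003, "parent_pid": 5000,
         "parent_image": sys32 + r"\cmd.exe",
         "image": sys32 + r"\nslookup.exe", "cmdline": "nslookup corp.local"},
        {"ts": 140, "host": "WS01", "pid": 5004, "parent_pid": 5000,
         "parent_image": sys32 + r"\cmd.exe",
         "image": sys32 + r"\net.exe", "cmdline": "net user"},
        # Admin troubleshooting on another host: a single ipconfig.
        {"ts": 500, "host": "WS02", "pid": 7001, "parent_pid": 7000,
         "parent_image": sys32 + r"\cmd.exe",
         "image": sys32 + r"\ipconfig.exe", "cmdline": "ipconfig /all"},
    ]


def discovery_bursts(events, window_s=120, min_distinct=3):
    """Alert when one parent process (host, parent_pid) runs at least
    min_distinct distinct discovery binaries inside window_s seconds."""
    by_parent = defaultdict(list)
    for e in events:
        name = e["image"].rsplit("\\", 1)[-1].lower()
        if name in DISCOVERY:
            key = (e["host"], e["parent_pid"], e["parent_image"])
            by_parent[key].append((e["ts"], name, e["cmdline"]))

    alerts = []
    for (host, ppid, pimage), items in by_parent.items():
        items.sort()
        for t0, _, _ in items:
            # Window anchored on each discovery event in turn.
            window = [(n, c) for t, n, c in items if t0 <= t <= t0 + window_s]
            distinct = {n for n, _ in window}
            if len(distinct) >= min_distinct:
                alerts.append({
                    "host": host,
                    "parent_pid": ppid,
                    "parent_image": pimage,
                    "start": t0,
                    "commands": [c for _, c in window],
                })
                break  # one alert per parent is enough for triage
    return alerts


if __name__ == "__main__":
    for a in discovery_bursts(make_sample_events()):
        print(a)
```

The alert carries the parent image and pid so the analyst can pivot straight to the process tree and find what launched that shell; in the constructed data that is the downloaded payload, which is the same pivot the Discover search for the payload name performs from the other direction.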