What is Warp? My first exposure to Warp as a tool was on twitter when a DevOps account I follow tweeted about it. I bookmarked it for further investigation and […]
Troubleshooting Scenario:We have a web application that relies on the PostgreSQL 13 database present on our server. However, the connection to the database is not working. The task is to […]
I remember the first time I encountered VMware Workstation, I was amused by the wizardly! I was just getting into tech and I wanted to try things out – linux […]
In this post, I will be conducting an SOC analysis / investigation on an alert generated on a SIEM (Using letsdefend.io) to determine if a suspicious attachment in an email […]
Setting up Elastic Defend: this is the EDR (Endpint detection and response) and generate some telemetry. ES > management > integrations > Elastic Defend Add elastic defend Select existing host […]
In investigating a C2 : you will consider the following ways– Network telemetry (existing C2 sessions have a lot of back and forth telemetry)– Heartbeat (You can use a tool […]
Investigating the things to look for in a brute force attack Go to ES > Security > alerts We look to investigate the following when we investigate an Alert and […]
Investigating the things to look for in a brute force attack Go to ES > Security > alerts We look to investigate the following when we investigate an Alert and […]
Helps keep track of the task at hand, provide an audit trail and accountability. From a SOC perspective, a ticketing system is essential in fulfilling the AAA triad (AAA Framework) […]
Investigating our recent mythic activity, we return to ES > Discover. Here we search for “svchost-ifebamba.exe” which is our payload, we get some log information below: – we can see […]