Setup a Kali Linux on your local system (Not cloud). This will be our attack machine for the Command and Control Operation. Mythic server requires a minimum of 2 vCPUs […]
Executing malicious executable may trigger other commands to run which gather information about your device or network such as whoami, ipconfig, nslookup, net user etc Such malware can persist in […]
Elasticsearch > Analytics > Maps … the you can compose your query: event.code: 4625 and agent.name: IfeBamba-WINSERVER Add Layer > Select Choropeth: Use the Add layer options as seen in […]
Understanding RDP Used for communication between the Terminal Server and the terminal server client; it is encapsulated within TCP; uses port 3389. RDP can be exploited through the exposure of […]
Events generated for our Linux Agent is seen below, we have a total of 387 events. In creating our dashboards, we will be focusing on the following fields: We click […]
Next, we Setup a new Linux SSH Server as a Test machine for monitoring Brute Force attacks: SSH into the server and update your linux:> apt-get update && apt-get upgrade […]
Elasticsearch Ingest Data Ingesting Sysmon and Windows Defender logs into Elasticsearch Click on Add integrations Search “Windows” and you get We click on Custom Windows Event logs, to gather logs […]
Understanding SYSMON For windows, logging is enabled by default, but the log information provided is not enough, it doesn’t not track important events such a process creation, hence the need […]
We deploy a windows server as we did our Ubuntu server earlier. The difference is that this will not be in in VPC network, as defined in our Network diagram […]
Installing the Kibana application component We will install Kibana following the following steps Reload the systemctl daemon, enable the service, start the service and check the status of the […]