Skip to content
TechNotes

TechNotes

Solving IT

  • Home
  • Topics
    • Cloud
    • Cybersecurity
  • Projects
  • About

event

Cybersecurity SOC Analyst Challenge

Create Alerts and Dashboards to detect activity based on Mythic Telemetry – Part 13

IfeOctober 14, 2024November 9, 2024

Investigating our recent mythic activity, we return to ES > Discover. Here we search for “svchost-ifebamba.exe” which is our payload, we get some log information below: – we can see […]

Read More
Cybersecurity SOC Analyst Challenge

Create a Dashboard for Windows RDP activity with Kibana – Part 10

IfeOctober 8, 2024November 9, 2024

Elasticsearch > Analytics > Maps … the you can compose your query: event.code: 4625 and agent.name: IfeBamba-WINSERVER Add Layer > Select Choropeth: Use the Add layer options as seen in […]

Read More
Cybersecurity SOC Analyst Challenge

Ingesting Data into Elasticsearch (Windows) – Part 6

IfeOctober 3, 2024November 9, 2024

Elasticsearch Ingest Data Ingesting Sysmon and Windows Defender logs into Elasticsearch Click on Add integrations Search “Windows” and you get We click on Custom Windows Event logs, to gather logs […]

Read More

Categories

  • Cloud
  • Cybersecurity
  • General
  • Projects
  • SOC Analyst Challenge
  • Tools

Recent Posts

  • Setting Up a Virtual Infrastructure with VMware ESXi, vCenter Server, and vSphere: A (Not so) quick dive!
  • Investigating Malware attachments In Emails – LetsDefend.io
  • Deploying Elastic Defend for EDR (Endpoint Detection and Response) – Part 18
  • Investigating the Command and Control framework – Mythic Agent Exploit – Part 17
  • Investigating RDP Brute force attacks – Part 16
Copyright 2025. All rights reserved.
Powered by RS WP THEMES