Most Recent
-
Investigating With Splunk: WALKTHROUGH
SOC Analyst Johny has observed some anomalous behaviours in the logs of a few Windows machines. It looks like the adversary has access to some of these machines and has successfully created a backdoor. His manager has asked him to pull those logs from the suspected hosts and ingest them…
-
BlackBox UploadVuln
We'll look at this as a step-by-step process. Let's say that we've been given a website to perform a security audit on. Assuming that our malicious file upload has been blocked by the server, here are some ways to ascertain what kind of server-side filter…
-
Splunk Incident Handling: WALKTHROUGH
This room covers an incident handling scenario using Splunk. From a security perspective, an incident is "any event or action that has a negative consequence on the security of a user, computer or organization." Below are a few of the…
-
Splunk: Basics: WALKTHROUGH
Splunk is one of the leading SIEM solutions on the market, providing the ability to collect, analyze and correlate network and machine logs in real time. In this room, we will explore the basics of Splunk, its functionalities, and how it provides better visibility of network activities…
-
ItsyBitsy (ELK): WALKTHROUGH
In this challenge room, we will take on a simple challenge: investigating an alert raised by an IDS regarding potential C2 communication. Room Machine: Before moving forward, deploy the machine. When you deploy the machine, it will be assigned an IP. Machine IP: MACHINE_IP. The machine will take up to…