Network Forensics
-
Investigating With Splunk: WALKTHROUGH
SOC Analyst Johny has observed some anomalous behaviour in the logs of a few Windows machines. It looks like the adversary has access to some…
-
Splunk Incident Handling: WALKTHROUGH
This room covers an incident handling scenario using Splunk. An incident, from a security perspective, is “Any event or action that has…
-
ItsyBitsy (ELK): WALKTHROUGH
In this challenge room, we will work through a simple challenge: investigating an IDS alert about potential C2 communication. Room Machine Before…
-
TShark: NOTES
TShark is an open-source command-line network traffic analyser created by the Wireshark developers; it has most of the features of…
-
Brim: NOTES
Brim vs Wireshark vs Zeek: While each of them is powerful and useful, it is good to know the strengths and weaknesses of…