Security Operations
-

Critical: WALKTHROUGH
Incident Scenario Our user “Hattori” has reported strange behavior on his computer and realized that some PDF files have been encrypted, including…
-

Velociraptor: WALKTHROUGH
Velociraptor In this room, we will explore Rapid7’s newly acquired tool known as Velociraptor. Per the official Velociraptor documentation, “Velociraptor is a unique, advanced…
-

Intro to Malware Analysis
Every once in a while, when you are working as a SOC analyst, you will come across content (a file or traffic) that seems…
-

Investigating With Splunk: WALKTHROUGH
SOC analyst Johny has observed some anomalous behaviours in the logs of a few Windows machines. It looks like the adversary has access to some…
-

Wazuh: WALKTHROUGH
[INCOMPLETE] Created in 2015, Wazuh is an open-source, freely available and extensive EDR solution. It can be used in all scales of environments. Wazuh…
-

Endpoint Security: NOTES
Wazuh Wazuh is an open-source, freely available, and extensive EDR solution, which Security Engineers can deploy in all scales of environments. Wazuh operates on…
-

Wireshark (Defensive)
Capture Filter Syntax These filters use byte offsets, hex values and masks with boolean operators, and it is not easy to understand/predict…
-

Brim: NOTES
Brim vs Wireshark vs Zeek While each of them is powerful and useful, it is good to know the strengths and weaknesses of…
-

Ubuntu Zeek: NOTES
Category / Command / Purpose and Usage. Basics: View the command history: ubuntu@ubuntu$ history. Execute the 10th command in history:…
-

CTI: NOTES
Cyber Threat Intelligence (CTI) can be defined as evidence-based knowledge about adversaries, including their indicators, tactics, motivations, and actionable advice against them.…