Threat Hunting
-
Intro to Malware Analysis
Every once in a while, when you are working as a SOC analyst, you will come across content (a file or traffic) that seems…
-
TheHive Project
Welcome to TheHive Project Outline! This room will cover the foundations of using the TheHive Project, a Security Incident Response Platform. Specifically,…
-
ItsyBitsy (ELK): WALKTHROUGH
In this challenge room, we will take a simple challenge to investigate an alert by IDS regarding a potential C2 communication. Room Machine Before…
-
Challenge:Monday Monitor: WALKTHROUGH
Scenario Swiftspend Finance, the coolest fintech company in town, is on a mission to level up its cyber security game to keep…
-
SIEM: NOTES
What is SIEM SIEM stands for Security Information and Event Management system. It is a tool that collects data from various endpoints/network devices across the…
-
Wazuh: WALKTHROUGH
[INCOMPLETE] Created in 2015, Wazuh is an open-source, freely available and extensive EDR solution. It can be used in all scales of environments. Wazuh…
-
Endpoint Security: NOTES
Wazuh Wazuh is an open-source, freely available, and extensive EDR solution, which Security Engineers can deploy in all scales of environments. Wazuh operates on…
-
TShark: NOTES
TShark is an open-source command-line network traffic analyser. It is created by the Wireshark developers and has most of the features of…
-
Wireshark (Defensive)
Capture Filter Syntax These filters use byte offsets hex values and masks with boolean operators, and it is not easy to understand/predict…
-
Brim: NOTES
Brim vs Wireshark vs Zeek While each of them is powerful and useful, it is good to know the strengths and weaknesses of…