2023 – Page 3 – NetwerkLABS

Splunk: SPL Cheat Sheet for SOC Analysts

Splunk Cheat Sheet Query to identify failed login attempts: #Query to identify failed login attempts: sourcetype=auth* "authentication failure" | stats count by user | sort -count Query to identify privilege…

Bharath Narayanasamy

Splunk

Splunk Fundamentals

Splunk Components Splunk Forwarder Splunk Forwarder is a lightweight agent installed on the endpoint intended to be monitored, and its main task is to collect the data and send it to…

Bharath Narayanasamy

BLUE TEAM Risk Management INFOSEC Governance and Regulation

Risk Assessment Methodologies

Risk Management Frameworks There are several frameworks for risk assessment. Example methodologies are: NIST SP 800-30: A risk assessment methodology developed by the National Institute of Standards and Technology (NIST).…

Bharath Narayanasamy

BLUE TEAM Risk Management

Risk Management – Terminology

Risk Avoidance Risk Acceptance Risk Reduction Basic Terminology Threat: an intentional or accidental event that can compromise the security of an information system. Examples include hacking, phishing attacks, human error,…

Bharath Narayanasamy

RED TEAM

Attacking AD – Cheatsheet

# Initial Enumeration | Command | Description | | ------------------------------------------------------------ | ------------------------------------------------------------ | | `nslookup ns1.inlanefreight.com` | Used to query the domain name system and discover the IP address to…

Bharath Narayanasamy

VulnLAB

OpenCTI

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. OpenCTI is designed to provide organizations with the means to manage CTI through the storage, analysis, visualization…

Bharath Narayanasamy

PenTest

How to Brute Force Websites with Hydra

Bharath Narayanasamy

CCNP

Border Gateway Protocol (BGP) Best Path Selection Mnemonic

“We Love Oranges AS Oranges Mean Pure Refreshment”WWeight (Highest)LLOCAL_PREF (Highest)OOriginate (local) routes that are advertise through the “network” command or redistributed from an IGP.ASAS_PATH (shortest)OORIGIN Code (IGP > EGP > Incomplete)MMED (lowest)PPaths (External > Internal)RRID (lowest)

Bharath Narayanasamy

Threat Intelligence

Custom detection rule with the MITRE ATT&CK framework in Splunk

Let's walk through a practical example of creating a custom detection rule with the MITRE ATT&CK framework in Splunk. Example:Let's say we want to create a detection rule for the…

Bharath Narayanasamy

Threat Detection and Incident Response Threat Hunting

Detect brute force attacks using Splunk

To detect brute force attacks using Splunk, you can create queries that monitor and analyze relevant log data. Here are some example Splunk queries that can help you identify potential…

Bharath Narayanasamy