Skip to content
-
Security You Can Trust, Expertise You Can Rely On. TekGenX Consulting
NetwerkLABS

Powered By TEKGENX CONSULTING

  • Home
  • BLUE TEAM
    • MITRE ATT&CK
    • INFOSEC Governance and Regulation
      • NIST
        • IDENTIFY
        • PROTECT
        • DETECT
        • RESPOND
        • RECOVER
      • Risk Management
    • SOC
      • Threat Detection and Incident Response
        • Threat Detection EngineeringA practical course on Threat Detection Engineering using Elastic SIEM/EDR
        • Threat Hunting
          • Traffic Analysis
        • Splunk
          • Splunk Basics
          • Understanding Log Sources
          • Dashboards and Reports
          • Exploring SPL
          • Incident Handling with Splunk
          • Investigating with Splunk
    • Security+
    • Scripting
      • Bash Scripting
      • Python
      • ZyBER-TOOLS
  • ZyBER-SERIES
    • Wazuh – SIEM and XDRThe Open Source Security Platform that provides Unified XDR and SIEM protection for endpoints and cloud workloads
    • Attack and Defend Active Directory
    • Offensive Testing Enterprise Networks
    • Threat Detection EngineeringA practical course on Threat Detection Engineering using Elastic SIEM/EDR
    • F5 Local Traffic Manager (LTM)F5 Local Traffic Manager (LTM)
    • Incident Response and Forensics
    • Red Team Engagements
  • ZyBER-INTEL
  • ZyBER-NEWS
  • Cookie Policy (EU)
Subscribe

Year: 2023

  • Home
  • 2023
  • Page 4
Posted inIntrusion Detection and Response BLUE TEAM

Suricata rules to detect Web application attacks

Here are some examples of Suricata rules that can be used to detect web application attacks: 1. SQL Injection: alert http any any -> any any (msg:"SQL Injection Detected"; flow:established,to_server;…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inSecurity+

DNS Tunneling attacks

DNS tunneling is a technique used by attackers to bypass network security measures and exfiltrate data from a targeted network. It involves encapsulating unauthorized data within DNS (Domain Name System)…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inThreat Intelligence

Investigate SQLi attacks using Splunk

Sure! Here are a few Splunk queries that can help detect web application attacks: Detecting SQL Injection Attacks: index=<your_index> sourcetype=<your_sourcetype> | search (request_uri=*' OR referer=*) AND (|inputlookup sql_injection_keywords.csv) Detecting Cross-Site…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inSOC Analyst

Cybersecurity playbook for SOC

Developing a comprehensive cybersecurity playbook for a Security Operations Center (SOC) requires a systematic approach to address various aspects of cybersecurity operations. Below is a suggested structure for a SOC…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inPrivilege Escalation

Linux Privilege Escalation Techniques

Linux privilege escalation techniques involve methods that allow a user to gain higher privileges or escalate their existing privileges to gain unauthorized access or perform actions they wouldn't typically be…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inThreat Hunting Threat Detection and Incident Response

Splunk Threat Hunting – Windows Events

When performing threat hunting using Splunk on Windows systems, there are several important queries you can use to identify potential threats and security incidents. Here are some examples: Detecting Suspicious…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inThreat Detection and Incident Response

Windows Event IDs to monitor/investigation

SOC (Security Operations Center) teams typically monitor various Windows event IDs to detect and respond to security incidents. While the specific event IDs may vary depending on the organization's security…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inPrivilege Escalation

Privilege Escalation – WINDOWS

Post Exploit Enumeration # Basics systeminfo hostname systeminfo | findstr /B /C:"OS Name" /C:"OS Version" # Who am I? whoami echo %username% # What users/localgroups are on the machine? net…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inEnumeration

CrackMapExec Cheat Sheet

Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inCisco ISE

Cisco ISE licensing

Cisco ISE licenses Source: Cisco Evaluation Cisco ISE, upon installation, grants a 90-day Evaluation license that supports 100 endpoints and enables all Cisco ISE features. You can set up a…
Read More
Posted by Avatar photo Bharath Narayanasamy

Posts pagination

Previous page 1 2 3 4 5 6 … 8 Next page

Recent Posts

  • The Bait Lab – Phishing Simulations, Practical Campaigns with GoPhish & Evilginx (PART: II)
  • The Bait Lab – Phishing Simulations, Practical Campaigns with GoPhish & Evilginx (PART: I)
  • RED Teaming: Mythic C2 Framework
  • Installing OpenBAS: The OpenSource Breach and Attack Simulation
  • Metasploit Framework (MSFconsole) Cheatsheet

Categories

AD AD attacks brute-force caldera dfir drupal Elastic linux LTM NIST red-team SIEM snort splunk Threat Intel threat_detection Threat_hunting vulnhub wazuh wireshark

Copyright 2025 — NetwerkLABS. Powered by TekGenX Consulting. All rights reserved.
Scroll to Top

Powered by
...
►
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
►
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
►
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
►
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
►
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
None
Powered by