Powered By TEKGENX CONSULTING
Bharath Narayanasamy 
Views: 9Wireshark: Traffic Analysis Display Filter Reference Investigating Nmap scans Nmap is an industry-standard tool for mapping networks, identifying live hosts and discovering the services. As it is one of the most used network scanner tools, a security analyst should identify the network patterns created with it. Common Nmap scan types, It is essential to know … Read more
Views: 27Intrusion Detection System (IDS) IDS is a passive monitoring solution for detecting possible malicious activities/patterns, abnormal incidents, and policy violations. It is responsible for generating alerts for each suspicious event. There are two main types of IDS systems; Intrusion Prevention System (IPS) IPS is an active protecting solution for preventing possible malicious activities/patterns, abnormal incidents, and policy violations. … Read more
Views: 68Splunk Search Processing Language comprises of multiple functions, operators and commands that are used together to form a simple to complex search and get the desired results from the ingested logs. Main components of SPL Search Field Operators Comparison Operators These operators are used to compare the values against the fields. Field Name Operator … Read more
Views: 35 Wazuh Integration with VirusTotal Overview Wazuh integrates with VirusTotal to detect malicious files via the File Integrity Monitoring (FIM) module. This allows inspection of monitored files for potential threats. About VirusTotal Create an account in VirusTotal website and obtain a public key to use in this lab. How Wazuh Integration Works Configuration Steps … Read more
Views: 76Adversary emulation with Caldera and Wazuh Please visit here to read PART I of this series, which explains the Caldera setup and Windows agent installation. Agent setup Deploy Agents on Linux machines Now, the lab consists of 2 Windows victims and 1 Linux victim, as reported by Caldera below. Configure Sysmon on Windows victims … Read more
Views: 79CALDERA™ is an open-source framework designed to run autonomous adversary emulation exercises efficiently. It enables users to emulate real-world attack scenarios and assess the effectiveness of their security defences. In addition, it provides a modular environment for red team engagements, supporting red team operators for the manual execution of TTPs and blue teamers for automated … Read more
Views: 30“The pattern matching swiss knife for malware researchers (and everyone else)” Useful Yara Resources Various Github repositories provide a wealth of examples of YARA, https://github.com/Yara-Rules/rules/tree/master/malware https://github.com/mikesxrs/Open-Source-YARA-rules/tree/masterUseful Yara Rules Repositories The DFIR Report” shares YARA rules derived from their investigations, https://github.com/The-DFIR-Report/Yara-RulesYara DFIR Report YARA in a nutshell YARA is a tool aimed at (but not limited … Read more
Views: 12SOURCE: MS-ISAC TLP:CLEARMS-ISAC CYBERSECURITY ADVISORY MS-ISAC ADVISORY NUMBER:2024-074 DATE(S) ISSUED:06/25/2024 SUBJECT:Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution OVERVIEW:Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged … Read more
