Bharath Narayanasamy

Attacking AD – Cheatsheet

# Initial Enumeration | Command | Description | | ------------------------------------------------------------ | ------------------------------------------------------------ | | `nslookup ns1.inlanefreight.com` | Used to query the domain name system and discover the IP address to…

Bharath Narayanasamy

VulnLAB

OpenCTI

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. OpenCTI is designed to provide organizations with the means to manage CTI through the storage, analysis, visualization…

Bharath Narayanasamy

PenTest

How to Brute Force Websites with Hydra

Bharath Narayanasamy

CCNP

Border Gateway Protocol (BGP) Best Path Selection Mnemonic

“We Love Oranges AS Oranges Mean Pure Refreshment”WWeight (Highest)LLOCAL_PREF (Highest)OOriginate (local) routes that are advertise through the “network” command or redistributed from an IGP.ASAS_PATH (shortest)OORIGIN Code (IGP > EGP > Incomplete)MMED (lowest)PPaths (External > Internal)RRID (lowest)

Bharath Narayanasamy

Threat Intelligence

Custom detection rule with the MITRE ATT&CK framework in Splunk

Let's walk through a practical example of creating a custom detection rule with the MITRE ATT&CK framework in Splunk. Example:Let's say we want to create a detection rule for the…

Bharath Narayanasamy

Threat Hunting Threat Detection and Incident Response

Detect brute force attacks using Splunk

To detect brute force attacks using Splunk, you can create queries that monitor and analyze relevant log data. Here are some example Splunk queries that can help you identify potential…

Bharath Narayanasamy

BLUE TEAM Intrusion Detection and Response

Suricata rules to detect Web application attacks

Here are some examples of Suricata rules that can be used to detect web application attacks: 1. SQL Injection: alert http any any -> any any (msg:"SQL Injection Detected"; flow:established,to_server;…

Bharath Narayanasamy

Security+

DNS Tunneling attacks

DNS tunneling is a technique used by attackers to bypass network security measures and exfiltrate data from a targeted network. It involves encapsulating unauthorized data within DNS (Domain Name System)…

Bharath Narayanasamy

Threat Intelligence

Investigate SQLi attacks using Splunk

Sure! Here are a few Splunk queries that can help detect web application attacks: Detecting SQL Injection Attacks: index=<your_index> sourcetype=<your_sourcetype> | search (request_uri=*' OR referer=*) AND (|inputlookup sql_injection_keywords.csv) Detecting Cross-Site…

Bharath Narayanasamy

SOC Analyst

Cybersecurity playbook for SOC

Developing a comprehensive cybersecurity playbook for a Security Operations Center (SOC) requires a systematic approach to address various aspects of cybersecurity operations. Below is a suggested structure for a SOC…

Bharath Narayanasamy