Bharath Narayanasamy

Custom detection rule with the MITRE ATT&CK framework in Splunk

Let's walk through a practical example of creating a custom detection rule with the MITRE ATT&CK framework in Splunk. Example:Let's say we want to create a detection rule for the technique T1566.001 - "Phishing: Spearphishing Attachment"…

Bharath Narayanasamy

Threat Hunting Threat Detection and Incident Response

Detect brute force attacks using Splunk

To detect brute force attacks using Splunk, you can create queries that monitor and analyze relevant log data. Here are some example Splunk queries that can help you identify potential brute force attack patterns: Detecting failed…

Bharath Narayanasamy brute-force

BLUE TEAM Intrusion Detection and Response

Suricata rules to detect Web application attacks

Here are some examples of Suricata rules that can be used to detect web application attacks: 1. SQL Injection: alert http any any -> any any (msg:"SQL Injection Detected"; flow:established,to_server; content:"SELECT"; nocase; http_uri; pcre:"/(\%27)|(\')|(\-\-)|(\%23)|(#)/i"; classtype:web-application-attack; sid:100001;)…

Bharath Narayanasamy suricata

Security+

DNS Tunneling attacks

DNS tunneling is a technique used by attackers to bypass network security measures and exfiltrate data from a targeted network. It involves encapsulating unauthorized data within DNS (Domain Name System) queries or responses, allowing the attacker…

Bharath Narayanasamy attacks

Threat Intelligence

Investigate SQLi attacks using Splunk

Sure! Here are a few Splunk queries that can help detect web application attacks: Detecting SQL Injection Attacks: index=<your_index> sourcetype=<your_sourcetype> | search (request_uri=*' OR referer=*) AND (|inputlookup sql_injection_keywords.csv) Detecting Cross-Site Scripting (XSS) Attacks: index=<your_index> sourcetype=<your_sourcetype> |…

Bharath Narayanasamy SQLi, splunk

SOC Analyst

Cybersecurity playbook for SOC

Developing a comprehensive cybersecurity playbook for a Security Operations Center (SOC) requires a systematic approach to address various aspects of cybersecurity operations. Below is a suggested structure for a SOC playbook: 1. Introduction and Scope …

Bharath Narayanasamy SOC

Privilege Escalation

Linux Privilege Escalation Techniques

Linux privilege escalation techniques involve methods that allow a user to gain higher privileges or escalate their existing privileges to gain unauthorized access or perform actions they wouldn't typically be allowed to do. It's important to…

Bharath Narayanasamy Linux privesc

Threat Hunting Threat Detection and Incident Response

Splunk Threat Hunting – Windows Events

When performing threat hunting using Splunk on Windows systems, there are several important queries you can use to identify potential threats and security incidents. Here are some examples: Detecting Suspicious Processes: index=windows sourcetype="wineventlog:security" EventCode=4688 | where…

Bharath Narayanasamy splunk

Threat Detection and Incident Response

Windows Event IDs to monitor/investigation

SOC (Security Operations Center) teams typically monitor various Windows event IDs to detect and respond to security incidents. While the specific event IDs may vary depending on the organization's security policies and requirements, here are some…

Bharath Narayanasamy

Privilege Escalation

Privilege Escalation – WINDOWS

Post Exploit Enumeration # Basics systeminfo hostname systeminfo | findstr /B /C:"OS Name" /C:"OS Version" # Who am I? whoami echo %username% # What users/localgroups are on the machine? net users net localgroups net local groups…

Bharath Narayanasamy Windows PrivEsc