Splunk SIEM: Exploring SPL
Splunk Search & Reporting App Overview The Search & Reporting App is the primary interface on Splunk's Home page used for searching and analyzing data. This app provides several essential…
Posted inThreat Hunting Threat Intelligence SOC Analyst
Threat Intelligence with MISP: Part 1 – Setting up MISP with Docker
Step-by-Step Guide to Install MISP Using Docker on Ubuntu In this guide, we will walk through the steps to install the MISP (Malware Information Sharing Platform) using Docker on an…
Useful Windows Event IDs
Windows System Logs Event ID 1074Â (System Shutdown/Restart): This event log indicates when and why the system was shut down or restarted. By monitoring these events, you can determine if there…
Posted inDETECT SOC Analyst BLUE TEAM
Yara
"The pattern matching swiss knife for malware researchers (and everyone else)" Useful Yara Resources Various Github repositories provide a wealth of examples of YARA, https://github.com/Yara-Rules/rules/tree/master/malware https://github.com/mikesxrs/Open-Source-YARA-rules/tree/masterUseful Yara Rules Repositories The DFIR…
Posted inWeb Enumeration RED TEAM WebPentest
Web Attacks
Enumeration & Brute Force Authentication enumeration is a fundamental aspect of security testing, concentrating specifically on the mechanisms that protect sensitive aspects of web applications; this process involves methodically inspecting…
Posted inINFOSEC Governance and Regulation NIST
NIST Cybersecurity Framework (CSF) and ISO/IEC 27001
NIST Cybersecurity Framework (CSF) and ISO/IEC 27001 NIST CSF Functions and Categories to ISO/IEC 27001 Annex A Controls Identify (ID) Asset Management (ID.AM): A.8 (Asset Management) Business Environment (ID.BE): A.5…
Digital Operational Resilience Act (DORA)
Understanding the Digital Operational Resilience Act (DORA): A Comprehensive Overview In an era where digitalization permeates every aspect of our lives, the importance of cybersecurity and operational resilience has never…
CTI_June2024: Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
SOURCE: MS-ISAC TLP:CLEARMS-ISAC CYBERSECURITY ADVISORY MS-ISAC ADVISORY NUMBER:2024-074 DATE(S) ISSUED:06/25/2024 SUBJECT:Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution OVERVIEW:Multiple vulnerabilities have been discovered in Google Chrome, the most…
