TryHackMe: OpenVPN Issues and Fixes

Views: 37OpenVPN complaining of depreciated ciphers ERROR: failed to negotiate cipher with server. Add the server’s cipher (‘AES-256-CBC’) to –data-ciphers (currently ‘AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305’) if you want to connect to this server. Fix:

NIST Cybersecurity Framework v1.1: Fundamentals

Views: 26NIST Functions Framework Core The Core consists of three parts: Functions, Categories, and Subcategories. The Core includes five high level functions: Identify, Protect, Detect, Respond, and Recover.  These 5 functions are not only applicable to cybersecurity risk management, but also to risk management at large.  The next level down is the 23 Categories that are split … Read more

Incident Handling Life Cycle

This entry is part 1 of 18 in the series Incident Response and Forensics

Views: 13NIST – Security Incident Handling 1. Preparation The preparation phase covers the readiness of an organization against an attack. That means documenting the requirements, defining the policies, incorporating the security controls to monitor like EDR / SIEM / IDS / IPS, etc. It also includes hiring/training the staff. 2. Detection and Analysis The detection phase covers … Read more

Bash Scripting

Views: 8Bourne Again Shell The main difference between scripting and programming languages is that we don’t need to compile the code to execute the scripting language, as opposed to programming languages. Structure of Scripting Language Input & OutputArguments, Variables & ArraysConditional executionArithmeticLoopsComparison operatorsFunctions Script Execution

Splunk: SPL Cheat Sheet for SOC Analysts

Views: 32Splunk Cheat Sheet Query to identify failed login attempts: Query to identify privilege escalation attempts: Query to identify failed SSH attempts: Query to identify successful SSH attempts: Query to identify unusual network traffic: Query to identify suspicious processes: Query to identify brute force attacks: Query to identify privilege escalation attempts on Windows systems: Query … Read more

Splunk Fundamentals

This entry is part 7 of 18 in the series Incident Response and Forensics

Views: 14Splunk Components Splunk Forwarder Splunk Forwarder is a lightweight agent installed on the endpoint intended to be monitored, and its main task is to collect the data and send it to the Splunk instance. Splunk Indexer Splunk Indexer plays the main role in processing the data it receives from forwarders. It takes the data, normalizes … Read more