Windows Event Logs
Understanding Windows Event Logs Each entry in the Windows Event Log is an "Event" and contains the following primary components: Log Name: The name of the event log (e.g., Application,…
Wireshark 101 | Packet Operations
Wireshark: Packet Operations Statistics | Summary This menu provides multiple statistics options ready to investigate to help users see the big picture in terms of the scope of the traffic,…
Posted inSOC Analyst
SOC Tools and Useful Links
1- IP & URL Reputation 1. Virus Total :Â https://www.virustotal.com/gui/home/upload2. URL Scan :Â https://urlscan.io/3. AbuseIPDB:Â https://www.abuseipdb.com/4. Cisco Talos:Â https://www.talosintelligence.com/5. IBM X-Force:Â https://lnkd.in/gt8iyHE56. URL Filtering(Palo Alto):Â https://lnkd.in/e4bkm5Eq7. URL Filtering(Symantec):Â https://lnkd.in/g4qQGsHG8. IP Void:Â https://www.ipvoid.com/9. URL Void:Â https://www.urlvoid.com/ 2- File | Hash…
ELASTIC SIEM: Kibana Query Language (KQL)Â
Different Syntax Languages Kibana supports two types of syntax languages for querying in Kibana: KQL (Kibana Query Language) and Lucene Query Syntax. Kibana Query Language (KQL) is a user-friendly query language developed by Elastic…
Posted inMITRE ATT&CK
MITRE Framework
MITRE ATT&CK Navigator https://mitre-attack.github.io/attack-navigator MITRE D3FEND https://d3fend.mitre.org MITRE ENGAGE MITRE Engage MITRE Engage Matrix ATT&CK Emulation Plans https://mitre-engenuity.org Center of Threat-Informed Defense (CTID) Cyber Analytics Repository https://car.mitre.org
Posted inAttacking Active Directory
GOAD v2 Installation
Game Of Active Directory The following steps explain the procedure to setup the GOADv2 LAB environment to pentest Active Directory. Warning This lab is extremely vulnerable, do not reuse recipe to…
Posted inIntrusion Detection and Response RESPOND
DFIR: Core Windows Processes
Reference: TryHackMe Room "Core Windows Processes" Core Windows Processes Understanding how the Windows operating system functions as a defender is vital. Task Manager doesn't show a Parent-Child process view. That…
Posted inwazuh
Remotely Upgrading Wazuh Agents – CLI Method
To upgrade agents using the command line, use the agent_upgrade tool as follows: List all the agents with outdated software: /var/ossec/bin/agent_upgrade -l [root@wazuh-server wazuh-user]# /var/ossec/bin/agent_upgrade -lID    Name                                Version                   001   zyberpatrol-pdc                     Wazuh v4.7.1…
Posted inBIG-IP LTM
L4 – L7 Load Balancing
Load Balancers Despite the name, a Load Balancer does not only balance the load: some of its core functionalities are: Load Balancing: of course, it has a way to determine…
Posted inBIG-IP LTM
BIG-IP LTM: Deployment Models
Deployment Methods One-armed Deployment Two-armed Deployment nPath or Direct Server Response (DSR) Deployment One-Arm Deployment In one-arm deployment, the load balancer is not physically in line of the traffic, which…