Powered By TEKGENX CONSULTING
Bharath Narayanasamy Views: 13Risk Avoidance Risk Acceptance Risk Reduction Basic Terminology Threat A threat is a potential harm or danger to an individual, organisation, or system. Threats can be classified into three main categories: human-made, technical, or natural. Human-made threats: These threats are caused by human activities or interventions. Examples include: As can be seen, human-made threats are not limited to … Read more
Views: 48
Views: 51OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. OpenCTI is designed to provide organizations with the means to manage CTI through the storage, analysis, visualization and presentation of threat campaigns, malware and IOCs. Developed by the collaboration of the French National cybersecurity agency (ANSSI), the platform’s main objective is to … Read more
Views: 13
Views: 15 “We Love Oranges AS Oranges Mean Pure Refreshment” W Weight (Highest) L LOCAL_PREF (Highest) O Originate (local) routes that are advertise through the “network” command or redistributed from an IGP. AS AS_PATH (shortest) O ORIGIN Code (IGP > EGP > Incomplete) M MED (lowest) P Paths (External > Internal) R RID (lowest)
Views: 44Let’s walk through a practical example of creating a custom detection rule with the MITRE ATT&CK framework in Splunk. Example:Let’s say we want to create a detection rule for the technique T1566.001 – “Phishing: Spearphishing Attachment” from the MITRE ATT&CK framework. This technique involves targeted phishing attacks where attackers send malicious attachments via email … Read more
Views: 47To detect brute force attacks using Splunk, you can create queries that monitor and analyze relevant log data. Here are some example Splunk queries that can help you identify potential brute force attack patterns: Explanation: This query searches for log entries containing the phrase “Failed password” and then groups them by the source IP … Read more
Views: 78Here are some examples of Suricata rules that can be used to detect web application attacks: 1. SQL Injection: 2. Cross-Site Scripting (XSS): 3. Remote File Inclusion (RFI): 4. Local File Inclusion (LFI): 5. Command Injection: 6. Server-Side Request Forgery (SSRF): These are just a few examples, and you can modify or create additional … Read more
Views: 19DNS tunneling is a technique used by attackers to bypass network security measures and exfiltrate data from a targeted network. It involves encapsulating unauthorized data within DNS (Domain Name System) queries or responses, allowing the attacker to transmit information through DNS channels. Here is a simplified diagram illustrating the DNS tunneling attack: Here’s an … Read more
Views: 49Sure! Here are a few Splunk queries that can help detect web application attacks: Note: Replace <your_index> and <your_sourcetype> with the appropriate values from your Splunk environment. Also, make sure you have the corresponding lookup tables (sql_injection_keywords.csv, xss_keywords.csv, etc.) populated with relevant attack patterns. You may need to modify the queries based on your … Read more