Powered By TEKGENX CONSULTING
Views: 23Source: Tryhackme Networkminer room Introduction to Network Forensics Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. Network Forensics discipline covers the work done to access information transmitted by listening and investigating live and recorded traffic, gathering evidence/artefacts and understanding potential problems. The investigation tries to … Read more
Views: 8
Views: 25TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares syntax and options. TShark is perfect for use on machines with little or no desktop environment and can easily pass the capture information it … Read more
Views: 17Locate tcpdump Install TCPdump Tcpdump Version Validation TCPDump will resolve IPs to hostnames by default. Traffic Captures with Tcpdump Basic Capture Options Switch Command Result D Will display any interfaces available to capture from. i Selects an interface to capture from. ex. -i eth0 n Do not resolve hostnames. nn Do not resolve hostnames … Read more
Views: 29Use case 1: Failed Logon Attempts (Disabled Users) Use case 2: Failed Logon Attempts (using Admin Accounts) Use case 3: Successful RDP Logon Related To Service Accounts Use case 4: Users Added Or Removed From A Local Group
Views: 19How To Build SIEM Use Cases Example SIEM Use cases Use case 1: Microsoft Build Engine Started By An Office Application A practical example using the Elastic stack as a SIEM solution to help understand how to map each of the use case points listed above. MSBuild, part of the Microsoft Build Engine, is … Read more