NIST

Yara

by
This entry is part 15 of 21 in the series Threat Detection Engineering

Views: 31“The pattern matching swiss knife for malware researchers (and everyone else)”  Useful Yara Resources Various Github repositories provide a wealth of examples of YARA, https://github.com/Yara-Rules/rules/tree/master/malware https://github.com/mikesxrs/Open-Source-YARA-rules/tree/masterUseful Yara Rules Repositories The DFIR Report” shares YARA rules derived from their investigations, https://github.com/The-DFIR-Report/Yara-RulesYara DFIR Report YARA in a nutshell YARA is a tool aimed at (but not limited … Read more

NIST Cybersecurity Framework (CSF) and ISO/IEC 27001

by
close up view of system hacking
This entry is part 2 of 3 in the series Cyber Security Frameworks

Views: 5NIST Cybersecurity Framework (CSF) and ISO/IEC 27001 NIST CSF Functions and Categories to ISO/IEC 27001 Annex A Controls Identify (ID) Protect (PR) Detect (DE) Respond (RS) Recover (RC) NIST SP 800-53 to ISO/IEC 27001 Annex A Controls Access Control (AC) Awareness and Training (AT) Audit and Accountability (AU) Security Assessment and Authorization (CA) Configuration … Read more

Windows Event Logs

by
This entry is part 12 of 18 in the series Incident Response and Forensics

Views: 33Windows logon types and logon codes Logs with event IDs 4624 and 4625 are generated every time there is a successful or failed logon on a local computer, respectively.  In Windows, there are several ways a logon can occur locally, and remotely.  Logon Type Numeric Identifier Description Logon Right Used only by the system … Read more

Wireshark 101 | Packet Operations

by
This entry is part 9 of 18 in the series Incident Response and Forensics

Views: 5Wireshark: Packet Operations Statistics | Summary This menu provides multiple statistics options ready to investigate to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and some protocol-specific details like DHCP, DNS and HTTP/2. For a security analyst, it is crucial to know how to … Read more

ELASTIC SIEM: Kibana Query Language (KQL) 

by
This entry is part 11 of 21 in the series Threat Detection Engineering

Views: 55Different Syntax Languages Kibana supports two types of syntax languages for querying in Kibana: KQL (Kibana Query Language) and Lucene Query Syntax. Special Characters Certain characters are reserved in ELK queries and must be escaped before usage. Reserved characters in ELK include +, -, =, &&, ||, &, | and !. For instance, using the + character in a query will result in an error; to escape this character, precede it with … Read more

DFIR: Core Windows Processes

by
Forensics_001
This entry is part 2 of 18 in the series Incident Response and Forensics

Views: 27Reference: TryHackMe Room “Core Windows Processes” Core Windows Processes Understanding how the Windows operating system functions as a defender is vital.  Task Manager doesn’t show a Parent-Child process view. That is where other utilities, such as Process Hacker and Process Explorer, come to the rescue. Process Hacker Process Explorer Command-line equivalent of obtaining information about the running … Read more

Linux System Hardening

by

Views: 10Create a GRUB password PBKDF2 stands for Password-Based Key Derivation Function 2. It is important to note that adding a password for GRUB is not available for systems deployed using cloud service providers (such as our Linux VM); a GRUB password does not make sense as you don’t have access to the physical terminal. Encryption There … Read more