RESPOND – NetwerkLABS

Wireshark 101 | Traffic Analysis and Investigation (PART 04)

Encrypted Protocol Analysis: Decrypting HTTPS When investigating web traffic, analysts often run across encrypted traffic. This is caused by using the Hypertext Transfer Protocol Secure (HTTPS) protocol for enhanced security against spoofing, sniffing and intercepting attacks.…

zyberbkay wireshark

IDENTIFY DETECT RESPOND

Wireshark 101 | Traffic Analysis and Investigation (PART 03)

Investigate Tunnelling Traffic: ICMP and DNS Traffic tunnelling is (also known as "port forwarding") transferring the data/resources in a secure method to network segments and zones. It can be used for "internet to private networks" and "private networks…

zyberbkay dfir, wireshark

IDENTIFY DETECT RESPOND

Wireshark 101 | Traffic Analysis and Investigation (PART 02)

Identifying Hosts When investigating a compromise or malware infection activity, a security analyst should know how to identify the hosts on the network apart from IP to MAC address match. One of the best methods is…

Bharath Narayanasamy wireshark

DETECT RESPOND CyBER Tools

Endpoint Detection and Response (EDR) : Lima Charlie (Part 01)

Introduction to Endpoint Detection and Response (EDR) Endpoint Detection and Response (EDR) is a cybersecurity solution designed to detect, investigate, and respond to threats at the endpoint level. Endpoints include devices like laptops, desktops, servers, and…

Bharath Narayanasamy EDR, LIMA

DETECT PROTECT RESPOND

SNORT 101 (Part 03)

Snort Rules Each rule should have a type of action, protocol, source and destination IP, source and destination port and an option. Remember, Snort is in passive mode by default. So most of the time, we…

Bharath Narayanasamy snort

DETECT RESPOND

SNORT 101 (Part 02)

SNORT in IDS/IPS mode IDS/IPS mode with parameter "-A" There are several alert modes available in snort; console: Provides fast style alerts on the console screen. cmg: Provides basic header details with payload in hex and text format. full: Full…

Bharath Narayanasamy snort

Intrusion Detection and Response RESPOND

DFIR: Core Windows Processes

Reference: TryHackMe Room "Core Windows Processes" Core Windows Processes Understanding how the Windows operating system functions as a defender is vital. Task Manager doesn't show a Parent-Child process view. That is where other utilities, such as Process…

Bharath Narayanasamy dfir, memory, Volatility