Powered By TEKGENX CONSULTING
Views: 21 Deploy Agents on Linux machines 2 Windows and 1 Linux agents Configure sysmon We configure the agent to capture Sysmon events by adding the following settings to the agent configuration file in “C:\Program Files (x86)\ossec-agent\ossec.conf” Restart the Wazh agent after modifying the agent configuration file. Detection using Wazuh The attacks against the Linux agent … Read more
Views: 23Reference: TryHackMe Room “Core Windows Processes” Core Windows Processes Understanding how the Windows operating system functions as a defender is vital. Task Manager doesn’t show a Parent-Child process view. That is where other utilities, such as Process Hacker and Process Explorer, come to the rescue. Process Hacker Process Explorer Command-line equivalent of obtaining information about the running … Read more
Views: 10Create a GRUB password PBKDF2 stands for Password-Based Key Derivation Function 2. It is important to note that adding a password for GRUB is not available for systems deployed using cloud service providers (such as our Linux VM); a GRUB password does not make sense as you don’t have access to the physical terminal. Encryption There … Read more
Views: 13Intrusion Detection System (IDS) IDS is a passive monitoring solution for detecting possible malicious activities/patterns, abnormal incidents, and policy violations. It is responsible for generating alerts for each suspicious event. There are two main types of IDS systems; Intrusion Prevention System (IPS) IPS is an active protecting solution for preventing possible malicious activities/patterns, abnormal incidents, and policy violations. … Read more
Views: 13
Views: 172Based on the INTRODUCTION TO THREAT HUNTING & HUNTING WITH ELASTIC module from HTB-Academy Hunting for Stuxbot The Stuxbot cybercrime group operates with a broad scope, seizing upon opportunities as they arise, without any specific targeting strategy – their motto seems to be anyone, anytime. The primary motivation behind their actions appears to be espionage … Read more
Views: 13NetworkMiner Capability Description Traffic sniffing It can intercept the traffic, sniff it, and collect and log packets that pass through the network. Parsing PCAP files It can parse pcap files and show the content of the packets in detail. Protocol analysis It can identify the used protocols from the parsed pcap file. OS fingerprinting It can identify … Read more
Views: 18Source: Tryhackme Networkminer room Introduction to Network Forensics Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. Network Forensics discipline covers the work done to access information transmitted by listening and investigating live and recorded traffic, gathering evidence/artefacts and understanding potential problems. The investigation tries to … Read more
Views: 8
