Powered By TEKGENX CONSULTING
Views: 18TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares syntax and options. TShark is perfect for use on machines with little or no desktop environment and can easily pass the capture information it … Read more
Views: 10Locate tcpdump Install TCPdump Tcpdump Version Validation TCPDump will resolve IPs to hostnames by default. Traffic Captures with Tcpdump Basic Capture Options Switch Command Result D Will display any interfaces available to capture from. i Selects an interface to capture from. ex. -i eth0 n Do not resolve hostnames. nn Do not resolve hostnames … Read more
Views: 24Use case 1: Failed Logon Attempts (Disabled Users) Use case 2: Failed Logon Attempts (using Admin Accounts) Use case 3: Successful RDP Logon Related To Service Accounts Use case 4: Users Added Or Removed From A Local Group
Views: 17How To Build SIEM Use Cases Example SIEM Use cases Use case 1: Microsoft Build Engine Started By An Office Application A practical example using the Elastic stack as a SIEM solution to help understand how to map each of the use case points listed above. MSBuild, part of the Microsoft Build Engine, is … Read more
Views: 19“The pattern matching swiss knife for malware researchers (and everyone else)” YARA in a nutshell YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA we can create descriptions of malware families (or whatever you want to describe) based on textual or binary … Read more
Views: 12Introduction to Log Management Logs are a record of events within a system. These records provide a detailed account of what a system has been doing, capturing a wide range of events such as user logins, file accesses, system errors, network connections, and changes to data or system configurations. While the specific details may … Read more
Views: 11Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
Views: 26NIST Functions Framework Core The Core consists of three parts: Functions, Categories, and Subcategories. The Core includes five high level functions: Identify, Protect, Detect, Respond, and Recover. These 5 functions are not only applicable to cybersecurity risk management, but also to risk management at large. The next level down is the 23 Categories that are split … Read more
Views: 63Splunk Search Processing Language comprises of multiple functions, operators and commands that are used together to form a simple to complex search and get the desired results from the ingested logs. Main components of SPL Search Field Operators Comparison Operators These operators are used to compare the values against the fields. Field Name Operator … Read more