Skip to content
-
Security You Can Trust, Expertise You Can Rely On. TekGenX Consulting
NetwerkLABS

Powered By TEKGENX CONSULTING

  • Home
  • BLUE TEAM
    • MITRE ATT&CK
    • INFOSEC Governance and Regulation
      • NIST
        • IDENTIFY
        • PROTECT
        • DETECT
        • RESPOND
        • RECOVER
      • Risk Management
    • SOC
      • Threat Detection and Incident Response
        • Threat Detection EngineeringA practical course on Threat Detection Engineering using Elastic SIEM/EDR
        • Threat Hunting
          • Traffic Analysis
        • Splunk
          • Splunk Basics
          • Understanding Log Sources
          • Dashboards and Reports
          • Exploring SPL
          • Incident Handling with Splunk
          • Investigating with Splunk
    • Security+
    • Scripting
      • Bash Scripting
      • Python
      • ZyBER-TOOLS
  • ZyBER-SERIES
    • Wazuh – SIEM and XDRThe Open Source Security Platform that provides Unified XDR and SIEM protection for endpoints and cloud workloads
    • Attack and Defend Active Directory
    • Offensive Testing Enterprise Networks
    • Threat Detection EngineeringA practical course on Threat Detection Engineering using Elastic SIEM/EDR
    • F5 Local Traffic Manager (LTM)F5 Local Traffic Manager (LTM)
    • Incident Response and Forensics
    • Red Team Engagements
  • ZyBER-INTEL
  • ZyBER-NEWS
  • Cookie Policy (EU)
Subscribe

BLUE TEAM

  • Home
  • BLUE TEAM
  • Page 5
Analysis with Wireshark
Posted inDETECT Threat Detection and Incident Response BLUE TEAM

Analysis with Wireshark

TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inCheat Sheets IDENTIFY DETECT

TCPDump

Locate tcpdump which tcpdump Install TCPdump sudo apt install tcpdump Tcpdump Version Validation sudo tcpdump --version TCPDump will resolve IPs to hostnames by default. Traffic Captures with Tcpdump Basic Capture…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inDETECT Elastic SIEM

Elastic SIEM: Developing Dashboards & Visualization

Use case 1: Failed Logon Attempts (Disabled Users) https://youtu.be/7Uyqek-FdwI Use case 2: Failed Logon Attempts (using Admin Accounts) https://youtu.be/UGRmsoqk0EM Use case 3: Successful RDP Logon Related To Service Accounts https://youtu.be/eRjA6TpEryk…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inBLUE TEAM DETECT Elastic SIEM

SIEM Use cases

How To Build SIEM Use Cases Comprehend your needs, risks, and establish alerts for monitoring all necessary systems accordingly. Determine the priority and impact, then map the alert to the…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inBLUE TEAM Intrusion Detection and Response

Log Management: Basics

Introduction to Log Management Logs are a record of events within a system. These records provide a detailed account of what a system has been doing, capturing a wide range…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inNIST DETECT

NIST – DETECT: Categories and Subcategories

Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inNIST IDENTIFY

NIST – IDENTIFY: Categories and Subcategories

Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inNIST

NIST Cybersecurity Framework v1.1: Fundamentals

NIST Functions Identify – Understand what you have and includes activities such as asset management, governance, risk assessment. Protect – Build safeguards and controls to protect what is important to…
Read More
Posted by Avatar photo Bharath Narayanasamy
Splunk: SPL Cheat Sheet for SOC Analysts
Posted inSplunk Splunk Basics Investigating with Splunk

Splunk: SPL Cheat Sheet for SOC Analysts

Splunk Cheat Sheet Query to identify failed login attempts: #Query to identify failed login attempts: sourcetype=auth* "authentication failure" | stats count by user | sort -count Query to identify privilege…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inSplunk

Splunk Fundamentals

Splunk Components Splunk Forwarder Splunk Forwarder is a lightweight agent installed on the endpoint intended to be monitored, and its main task is to collect the data and send it to…
Read More
Posted by Avatar photo Bharath Narayanasamy

Posts pagination

Previous page 1 … 3 4 5 6 Next page

Recent Posts

  • The Bait Lab – Phishing Simulations, Practical Campaigns with GoPhish & Evilginx (PART: II)
  • The Bait Lab – Phishing Simulations, Practical Campaigns with GoPhish & Evilginx (PART: I)
  • RED Teaming: Mythic C2 Framework
  • Installing OpenBAS: The OpenSource Breach and Attack Simulation
  • Metasploit Framework (MSFconsole) Cheatsheet

Categories

AD AD attacks brute-force caldera dfir drupal Elastic linux LTM NIST red-team SIEM snort splunk Threat Intel threat_detection Threat_hunting vulnhub wazuh wireshark

Copyright 2025 — NetwerkLABS. Powered by TekGenX Consulting. All rights reserved.
Scroll to Top

Powered by
...
►
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
►
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
►
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
►
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
►
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
None
Powered by