NetwerkLABS

Powered By TEKGENX CONSULTING

SOC Analyst

Wireshark Threat Hunting – From Packets to Indicators [HTTP: DEEP-DIVE]
Posted in: Threat Detection and Incident Response, Traffic Analysis, DFIR

HTTP/HTTP2 Deep-Dive Filter Reference (Wireshark DFIR). Granular Wireshark display filters for HTTP/1.1 and HTTP/2: request methods, path and file access, credential extraction, brute force detection, SQL injection, XSS, …

Posted by Bharath Narayanasamy. Tags: wireshark
Wireshark Threat Hunting – From Packets to Indicators [SMB: DEEP-DIVE]
Posted in: SOC Analyst, Threat Detection and Incident Response, Traffic Analysis

SMB and Windows Auth Deep-Dive Filter Reference (Wireshark DFIR). Granular Wireshark display filters for SMB2 file and share access (paths, users, operations, error codes), NTLM authentication flow, Kerberos…

Posted by Bharath Narayanasamy
Wireshark Threat Hunting – From Packets to Indicators
Posted in: Threat Detection and Incident Response, Traffic Analysis, DFIR

Wireshark DFIR Cheat Sheet. Display filters, detection techniques, traffic analysis workflows, and TShark CLI commands for Digital Forensics and Incident Response. Filters are mapped to MITRE ATT&CK where applicable. Wireshark 4.x…

Posted by Bharath Narayanasamy. Tags: wireshark
Vulnerability Management: FARADAY
Posted in: SOC Analyst, BLUE TEAM, Vulnerability Scanning

Faraday: Open Source Vulnerability Manager. Faraday is an open-source vulnerability management platform designed to help security teams streamline their pentesting, vulnerability assessment, and remediation processes. Built with a collaborative and automation-driven approach, Faraday enables security…

Posted by Bharath Narayanasamy. Tags: vuln, faraday
Regular Expressions
Posted in: Threat Hunting, SOC Analyst, Splunk

Regular Expressions: Charsets. Searching for specific strings: use grep 'string' <file> to search for an exact match. To find patterns rather than exact strings, regular expressions (regex) are used. Charsets in regex. Definition: enclosed in […

Posted by Bharath Narayanasamy. Tags: splunk
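The excerpt above contrasts a literal grep match with regex charsets. The following is an added example, not code from the original post: it runs grep over a handful of constructed sshd auth-log lines (the hostname, usernames, PIDs and IP addresses are made up for the demonstration) to show a literal match beside charset patterns such as [Aa]dmin, the bounded digit class [0-9]{1,3} and the negated class [^ ]+, and finishes by counting failed logins per source IP, the usual first pivot when triaging a brute-force attempt.

```shell
#!/bin/sh
# Added example, not from the original post: literal grep vs. regex charsets,
# run against constructed sshd log lines. Host, users, PIDs and IPs are made up.
# LC_ALL=C makes sort/uniq byte-ordered and therefore deterministic across locales.
export LC_ALL=C

SAMPLE_LOG="$(cat <<'EOF'
Jan 10 10:01:02 web01 sshd[2301]: Failed password for root from 203.0.113.45 port 51022 ssh2
Jan 10 10:01:05 web01 sshd[2301]: Failed password for invalid user admin from 203.0.113.45 port 51030 ssh2
Jan 10 10:01:09 web01 sshd[2305]: Accepted publickey for deploy from 198.51.100.7 port 40112 ssh2
Jan 10 10:02:11 web01 sshd[2310]: Failed password for invalid user admin1 from 203.0.113.46 port 51100 ssh2
Jan 10 10:02:15 web01 sshd[2312]: Failed password for invalid user Admin from 203.0.113.46 port 51104 ssh2
Jan 10 10:02:40 web01 sshd[2315]: Failed password for root from 203.0.113.45 port 51140 ssh2
Jan 10 10:03:00 web01 sshd[2320]: Accepted password for alice from 192.0.2.9 port 39000 ssh2
EOF
)"

# Exact-string match, as in the post (grep 'string' <file>): counts lines that
# contain the literal, case-sensitive text "Failed password".
count_exact() {
    printf '%s\n' "$SAMPLE_LOG" | grep -c 'Failed password'
}

# Charset match: [Aa]dmin accepts "admin" and "Admin"; [0-9]* allows an optional
# digit suffix such as admin1. -E selects extended regex (ERE).
count_admin_variants() {
    printf '%s\n' "$SAMPLE_LOG" | grep -E -c 'invalid user [Aa]dmin[0-9]* '
}

# Negated charset: [^ ]+ is "one or more non-space characters", so it captures the
# username whatever it is. Prints the distinct usernames seen in failed logins.
list_failed_users() {
    printf '%s\n' "$SAMPLE_LOG" \
      | grep 'Failed password' \
      | grep -E -o 'for (invalid user )?[^ ]+ from' \
      | awk '{print $(NF-1)}' \
      | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Bounded repetition of a digit charset, [0-9]{1,3}, matches each octet of a
# dotted-quad IPv4 address. Counts failed logins per source IP, busiest first,
# printed as "ip=count" pairs on one line.
failed_attempts_per_ip() {
    printf '%s\n' "$SAMPLE_LOG" \
      | grep 'Failed password' \
      | grep -E -o 'from [0-9]{1,3}(\.[0-9]{1,3}){3}' \
      | awk '{print $2}' \
      | sort | uniq -c | sort -rn \
      | awk '{print $2 "=" $1}' | tr '\n' ' ' | sed 's/ $//'
}

echo "Lines with literal 'Failed password': $(count_exact)"
echo "Failed logins for admin/Admin/admin<digits>: $(count_admin_variants)"
echo "Usernames in failed logins: $(list_failed_users)"
echo "Failed logins per source IP: $(failed_attempts_per_ip)"
```

Note that the literal pattern is case-sensitive, so without the [Aa] charset the "Admin" attempt would be missed; in a real hunt the per-IP count is what you carry into the next pivot (firewall logs, threat intel lookup), not the individual lines.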
Wireshark 101 | Traffic Analysis and Investigation (PART 01)
Posted in: Threat Detection and Incident Response

Wireshark: Traffic Analysis Display Filter Reference. Investigating Nmap scans. Nmap is an industry-standard tool for mapping networks, identifying live hosts and discovering services. As it is one of the most widely used network scanners, a security…

Posted by Bharath Narayanasamy. Tags: wireshark
Snort 101 (Part 01)
Posted in: Threat Detection and Incident Response, Intrusion Detection and Response, DETECT

Intrusion Detection System (IDS). An IDS is a passive monitoring solution for detecting possible malicious activities or patterns, abnormal incidents, and policy violations. It generates an alert for each suspicious event. There are two main types of IDS: Network…

Posted by Bharath Narayanasamy. Tags: ids, ips, snort
Operationalizing Security: CALDERA Meets WAZUH (PART II)
Posted in: Threat Detection and Incident Response, RED TEAM, DETECT

Adversary emulation with Caldera and Wazuh. Please see PART I of this series, which explains the Caldera setup and Windows agent installation. Agent setup: deploy agents on Linux machines. Now the lab consists…

Posted by Bharath Narayanasamy. Tags: wazuh, caldera
(TryHackMe) Servidae: Log Analysis in ELK
Posted in: Threat Detection and Incident Response, BLUE TEAM, Elastic SIEM

Link to the TryHackMe room: https://tryhackme.com/r/room/servidae. Room objectives: get familiar with the Elastic (ELK) Stack and its components; understand the significance of log data analysis in detecting and investigating security incidents; get introduced to Kibana and its key…

Posted by Bharath Narayanasamy. Tags: SIEM, THM, ELK
Threat Detection Engineering (TD_003)
Posted in: Threat Hunting, SOC Analyst, Threat Detection and Incident Response

Threat Detection Engineering (TDE) involves designing, implementing, and refining security measures to identify and respond to threats. Key topics and domains covered under TDE include: Threat Intelligence: gathering, analyzing, and applying information about current…

Posted by Bharath Narayanasamy. Tags: Threat, TDE


Copyright 2026 — NetwerkLABS. Powered by TekGenX Consulting. All rights reserved.