Understanding Windows Event Logs
Each entry in the Windows Event Log is an "Event" and contains the following primary components: Log Name: The name of the event log (e.g., Application,…
Wireshark: Packet Operations
Statistics | Summary
This menu provides multiple statistics options that help users see the big picture in terms of the scope of the traffic,…
Different Syntax Languages
Kibana supports two query syntaxes: KQL (Kibana Query Language) and Lucene Query Syntax. Kibana Query Language (KQL) is a user-friendly query language developed by Elastic…
LAB Setup
Let's use DIWA (Deliberately Insecure Web Application), a deliberately vulnerable application created by Tim Steufmehl, to set up the victim machine. Prepare a Linux machine with Docker installed. Follow the…
Based on the INTRODUCTION TO THREAT HUNTING & HUNTING WITH ELASTIC module from HTB-Academy
Hunting for Stuxbot
The Stuxbot cybercrime group operates with a broad scope, seizing upon opportunities as…
NetworkMiner
Capability / Description
Traffic sniffing: It can intercept the traffic, sniff it, and collect and log packets that pass through the network.
Parsing PCAP files: It can parse pcap files and show the content of the packets…
Source: TryHackMe NetworkMiner room
Introduction to Network Forensics
Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. The Network Forensics discipline covers the…