Powered By TEKGENX CONSULTING
Views: 13Intrusion Detection System (IDS) IDS is a passive monitoring solution for detecting possible malicious activities/patterns, abnormal incidents, and policy violations. It is responsible for generating alerts for each suspicious event. There are two main types of IDS systems; Intrusion Prevention System (IPS) IPS is an active protecting solution for preventing possible malicious activities/patterns, abnormal incidents, and policy violations. … Read more
Views: 172Based on the INTRODUCTION TO THREAT HUNTING & HUNTING WITH ELASTIC module from HTB-Academy Hunting for Stuxbot The Stuxbot cybercrime group operates with a broad scope, seizing upon opportunities as they arise, without any specific targeting strategy – their motto seems to be anyone, anytime. The primary motivation behind their actions appears to be espionage … Read more
Views: 13NetworkMiner Capability Description Traffic sniffing It can intercept the traffic, sniff it, and collect and log packets that pass through the network. Parsing PCAP files It can parse pcap files and show the content of the packets in detail. Protocol analysis It can identify the used protocols from the parsed pcap file. OS fingerprinting It can identify … Read more
Views: 18Source: Tryhackme Networkminer room Introduction to Network Forensics Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. Network Forensics discipline covers the work done to access information transmitted by listening and investigating live and recorded traffic, gathering evidence/artefacts and understanding potential problems. The investigation tries to … Read more
Views: 18TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares syntax and options. TShark is perfect for use on machines with little or no desktop environment and can easily pass the capture information it … Read more
Views: 25Intrusion Detection System (IDS) IDS is a passive monitoring solution for detecting possible malicious activities/patterns, abnormal incidents, and policy violations. It is responsible for generating alerts for each suspicious event. There are two main types of IDS systems;
Views: 10There are two main techniques used in Traffic Analysis: Flow Analysis Packet Analysis Collecting data/evidence from the networking devices. This type of analysis aims to provide statistical results through the data summary without applying in-depth packet-level investigation.Advantage: Easy to collect and analyse.Challenge: Doesn’t provide full packet details to get the root cause of a case. Collecting … Read more
Views: 12NIST – Security Incident Handling 1. Preparation The preparation phase covers the readiness of an organization against an attack. That means documenting the requirements, defining the policies, incorporating the security controls to monitor like EDR / SIEM / IDS / IPS, etc. It also includes hiring/training the staff. 2. Detection and Analysis The detection phase covers … Read more
Views: 46To detect brute force attacks using Splunk, you can create queries that monitor and analyze relevant log data. Here are some example Splunk queries that can help you identify potential brute force attack patterns: Explanation: This query searches for log entries containing the phrase “Failed password” and then groups them by the source IP … Read more
Views: 37When performing threat hunting using Splunk on Windows systems, there are several important queries you can use to identify potential threats and security incidents. Here are some examples: This query looks for event code 4688, which indicates process creation events. It filters out known Splunk-related processes to focus on potentially suspicious activities. This query … Read more