Useful Windows Event IDs
Windows System Logs Event ID 1074Â (System Shutdown/Restart): This event log indicates when and why the system was shut down or restarted. By monitoring these events, you can determine if there…
Posted inSOC Analyst BLUE TEAM DETECT
Yara
"The pattern matching swiss knife for malware researchers (and everyone else)" Useful Yara Resources Various Github repositories provide a wealth of examples of YARA, https://github.com/Yara-Rules/rules/tree/master/malware https://github.com/mikesxrs/Open-Source-YARA-rules/tree/masterUseful Yara Rules Repositories The DFIR…
Code Obfuscation and Deobfuscation
Code Obfuscation is a technique used to make a script more difficult to read by humans but allows it to function the same from a technical point of view, though…
Incident Response
Incident response, also known as incident handling, is a cyber security function that uses various methodologies, tools and techniques to detect and manage adversarial attacks while minimizing impact, recovery time…
Incident Report Template
Elements of an incident report Source: Hack The Box Incident Report Template
Windows Event Logs
Understanding Windows Event Logs Each entry in the Windows Event Log is an "Event" and contains the following primary components: Log Name: The name of the event log (e.g., Application,…
Wireshark 101 | Packet Operations
Wireshark: Packet Operations Statistics | Summary This menu provides multiple statistics options ready to investigate to help users see the big picture in terms of the scope of the traffic,…
Posted inSOC Analyst
SOC Tools and Useful Links
1- IP & URL Reputation 1. Virus Total :Â https://www.virustotal.com/gui/home/upload2. URL Scan :Â https://urlscan.io/3. AbuseIPDB:Â https://www.abuseipdb.com/4. Cisco Talos:Â https://www.talosintelligence.com/5. IBM X-Force:Â https://lnkd.in/gt8iyHE56. URL Filtering(Palo Alto):Â https://lnkd.in/e4bkm5Eq7. URL Filtering(Symantec):Â https://lnkd.in/g4qQGsHG8. IP Void:Â https://www.ipvoid.com/9. URL Void:Â https://www.urlvoid.com/ 2- File | Hash…