SOC Analyst – Page 3

ELASTIC SIEM: Kibana Query Language (KQL)

Different Syntax Languages Kibana supports two types of syntax languages for querying in Kibana: KQL (Kibana Query Language) and Lucene Query Syntax. Kibana Query Language (KQL) is a user-friendly query language developed by Elastic…

Bharath Narayanasamy

Threat Hunting Threat Detection and Incident Response

Threat Detection: Detecting a Webserver Attack

LAB Setup Let's use the DIWA ( Deliberately Insecure Web Application) vulnerable created by Tim Steufmehl , to setup the victim machine. Prepare a Linux machiine with Docker installed. Follow the…

Bharath Narayanasamy

Intrusion Detection and Response DETECT SOC Analyst

DFIR: Linux File System Analysis

Bharath Narayanasamy

SOC Analyst

Cyber Kill Chain

Cyber Kill Chain Official Page: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Cyber Kill Chain is a framework created by Lockheed Martin in 2011 and used to model the attacks of attackers. Within this framework, attacker behaviors…

Bharath Narayanasamy

Elastic SIEM Threat Hunting Threat Detection and Incident Response

Practical Threat Hunting using Elastic SIEM: Hunting for Stuxbot

Based on the INTRODUCTION TO THREAT HUNTING & HUNTING WITH ELASTIC module from HTB-Academy Hunting for Stuxbot The Stuxbot cybercrime group operates with a broad scope, seizing upon opportunities as…

Bharath Narayanasamy

Threat Detection and Incident Response BLUE TEAM DETECT

Netminer

NetworkMiner CapabilityDescriptionTraffic sniffingIt can intercept the traffic, sniff it, and collect and log packets that pass through the network.Parsing PCAP filesIt can parse pcap files and show the content of the packets…

Bharath Narayanasamy

BLUE TEAM DETECT Traffic Analysis

Introduction to Network Forensics

Source: Tryhackme Networkminer room Introduction to Network Forensics Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. Network Forensics discipline covers the…

Bharath Narayanasamy

Threat Detection and Incident Response BLUE TEAM DETECT

Analysis with Wireshark

TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares…

Bharath Narayanasamy

Traffic Analysis

Traffic Analysis Essentials

There are two main techniques used in Traffic Analysis: Flow AnalysisPacket AnalysisCollecting data/evidence from the networking devices. This type of analysis aims to provide statistical results through the data summary…

Bharath Narayanasamy

Threat Detection and Incident Response

Incident Handling Life Cycle

NIST - Security Incident Handling 1. Preparation The preparation phase covers the readiness of an organization against an attack. That means documenting the requirements, defining the policies, incorporating the security…

Bharath Narayanasamy