Security You Can Trust, Expertise You Can Rely On. TekGenX Consulting
NetwerkLABS

Powered By TEKGENX CONSULTING


Threat Hunting

Regular Expressions
Posted in: Threat Hunting, SOC Analyst, Splunk

Regular Expressions: Charsets. Searching for Specific Strings: use grep 'string' <file> to search for an exact match. To find patterns rather than exact strings, Regular Expressions (regex) are used. Charsets in Regex. Definition: Enclosed in […

Posted by Bharath Narayanasamy. Tags: splunk
(TryHackMe) Servidae: Log Analysis in ELK
Posted in: Elastic SIEM, Threat Hunting, SOC Analyst

Link to the TryHackMe Room: https://tryhackme.com/r/room/servidae. Room Objectives: Get familiar with the Elastic (ELK) Stack and its components. Understand the significance of log data analysis in detecting and investigating security incidents. Get introduced to Kibana and its key…

Posted by Bharath Narayanasamy. Tags: SIEM, THM, ELK
Threat Detection Engineering
Posted in: Threat Hunting, SOC Analyst, Threat Detection and Incident Response

Threat Detection Engineering (TDE) involves designing, implementing, and refining security measures to identify and respond to threats. Here are some key topics and domains covered under TDE: Threat Intelligence: Gathering, analyzing, and applying information about current…

Posted by Bharath Narayanasamy. Tags: THreat, TDE
Log Analysis: Basics
Posted in: Threat Hunting, SOC Analyst, Intrusion Detection and Response

Understanding Logs in Infrastructure Systems. Logs and Their Role: Logs are time-sequenced messages recording events within a system, device, or application. They are essential for insights into the inner workings of infrastructure systems, offering visibility into applications, networks,…

Posted by Bharath Narayanasamy
Splunk SIEM: Exploring SPL
Posted in: Splunk, Investigating with Splunk, Threat Hunting

Splunk Search & Reporting App Overview. The Search & Reporting App is the primary interface on Splunk's Home page used for searching and analyzing data. This app provides several essential functionalities to enhance the search experience…

Posted by Bharath Narayanasamy. Tags: splunk, SIEM
Threat Intelligence with MISP: Part 1 – Setting up MISP with Docker
Posted in: SOC Analyst, Threat Detection and Incident Response, Threat Intel

Step-by-Step Guide to Install MISP Using Docker on Ubuntu. In this guide, we will walk through the steps to install MISP (Malware Information Sharing Platform) using Docker on an Ubuntu server. Prerequisites: Before we begin,…

Posted by Bharath Narayanasamy. Tags: MISP, Threat Intel
Useful Windows Event IDs
Posted in: Threat Hunting, Threat Detection and Incident Response, Understanding Log Sources

Windows System Logs. Event ID 1074 (System Shutdown/Restart): This event log indicates when and why the system was shut down or restarted. By monitoring these events, you can determine if there are unexpected shutdowns or restarts, potentially…

Posted by Bharath Narayanasamy. Tags: threat_detection, event-ids
Remote Monitoring and Management software used in phishing attacks
Posted in: ZyberAttacks, Threat Hunting, Threat Intelligence

RMM software used in phishing attacks. Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, is invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these…

Posted by Bharath Narayanasamy
Threat Intelligence for SOC
Posted in: Threat Intelligence

Threat Intelligence is the analysis of data and information using tools and techniques to generate meaningful patterns to mitigate against potential risks associated with existing or emerging threats targeting organisations, industries, sectors or governments. There are…

Posted by Bharath Narayanasamy. Tags: Threat Intel, threat_detection
Threat Detection: Detecting a Webserver Attack
Posted in: Threat Hunting, Threat Detection and Incident Response

LAB Setup. Let's use DIWA (Deliberately Insecure Web Application), the vulnerable web application created by Tim Steufmehl, to set up the victim machine. Prepare a Linux machine with Docker installed. Follow these instructions to install Docker on…

Posted by Bharath Narayanasamy. Tags: SIEM, Elastic

Copyright 2026 — NetwerkLABS. Powered by TekGenX Consulting. All rights reserved.