Powered By TEKGENX CONSULTING
Views: 84Sure! Here are a few Splunk queries that can help detect web application attacks: Note: Replace <your_index> and <your_sourcetype> with the appropriate values from your Splunk environment. Also, make sure you have the corresponding lookup tables (sql_injection_keywords.csv, xss_keywords.csv, etc.) populated with relevant attack patterns. You may need to modify the queries based on your … Read more
Views: 18Developing a comprehensive cybersecurity playbook for a Security Operations Center (SOC) requires a systematic approach to address various aspects of cybersecurity operations. Below is a suggested structure for a SOC playbook: 1. Introduction and Scope – Provide an overview of the playbook’s purpose, target audience, and scope. – Clearly define the responsibilities … Read more
Views: 20Linux privilege escalation techniques involve methods that allow a user to gain higher privileges or escalate their existing privileges to gain unauthorized access or perform actions they wouldn’t typically be allowed to do. It’s important to note that discussing these techniques can be considered unethical and potentially illegal if used for malicious purposes. However, … Read more
Views: 53When performing threat hunting using Splunk on Windows systems, there are several important queries you can use to identify potential threats and security incidents. Here are some examples: This query looks for event code 4688, which indicates process creation events. It filters out known Splunk-related processes to focus on potentially suspicious activities. This query … Read more
Views: 25SOC (Security Operations Center) teams typically monitor various Windows event IDs to detect and respond to security incidents. While the specific event IDs may vary depending on the organization’s security policies and requirements, here are some commonly monitored Windows event IDs: It’s important to note that the specific event IDs to monitor may vary … Read more
Views: 9 Post Exploit Enumeration Search for passwords Search for Files Search In Registry Active Listening (internal) Ports Enumerating Processes & Services Enumeration using Metasploit Automating local enumeration with JAWS
Views: 36
Views: 10 Cisco ISE licenses Source: Cisco Evaluation Cisco ISE, upon installation, grants a 90-day Evaluation license that supports 100 endpoints and enables all Cisco ISE features. You can set up a limited deployment in Evaluation mode and explore all the capabilities and features within Cisco ISE.
Views: 24Lab setup Enumeration Nmap scan Nikto scan
Views: 80LAB setup Initial Access Read this article to learn how to gain initial access to the victim machine. PATH Abuse PATH is an environment variable that specifies the set of directories where an executable can be located. An account’s PATH variable is a set of absolute paths, allowing a user to type a command without … Read more
