NetwerkLABS

How to Brute Force Websites with Hydra

Border Gateway Protocol (BGP) Best Path Selection Mnemonic

“We Love Oranges AS Oranges Mean Pure Refreshment”WWeight (Highest)LLOCAL_PREF (Highest)OOriginate (local) routes that are advertise through the “network” command or redistributed from an IGP.ASAS_PATH (shortest)OORIGIN Code (IGP > EGP > Incomplete)MMED (lowest)PPaths (External > Internal)RRID (lowest)

Bharath Narayanasamy BGP, CCNP

Threat Intelligence

Custom detection rule with the MITRE ATT&CK framework in Splunk

Let's walk through a practical example of creating a custom detection rule with the MITRE ATT&CK framework in Splunk. Example:Let's say we want to create a detection rule for the technique T1566.001 - "Phishing: Spearphishing Attachment"…

Bharath Narayanasamy

Threat Hunting Threat Detection and Incident Response

Detect brute force attacks using Splunk

To detect brute force attacks using Splunk, you can create queries that monitor and analyze relevant log data. Here are some example Splunk queries that can help you identify potential brute force attack patterns: Detecting failed…

Bharath Narayanasamy brute-force

BLUE TEAM Intrusion Detection and Response

Suricata rules to detect Web application attacks

Here are some examples of Suricata rules that can be used to detect web application attacks: 1. SQL Injection: alert http any any -> any any (msg:"SQL Injection Detected"; flow:established,to_server; content:"SELECT"; nocase; http_uri; pcre:"/(\%27)|(\')|(\-\-)|(\%23)|(#)/i"; classtype:web-application-attack; sid:100001;)…

Bharath Narayanasamy suricata

Security+

DNS Tunneling attacks

DNS tunneling is a technique used by attackers to bypass network security measures and exfiltrate data from a targeted network. It involves encapsulating unauthorized data within DNS (Domain Name System) queries or responses, allowing the attacker…

Bharath Narayanasamy attacks

Threat Intelligence

Investigate SQLi attacks using Splunk

Sure! Here are a few Splunk queries that can help detect web application attacks: Detecting SQL Injection Attacks: index=<your_index> sourcetype=<your_sourcetype> | search (request_uri=*' OR referer=*) AND (|inputlookup sql_injection_keywords.csv) Detecting Cross-Site Scripting (XSS) Attacks: index=<your_index> sourcetype=<your_sourcetype> |…

Bharath Narayanasamy splunk, SQLi

SOC Analyst

Cybersecurity playbook for SOC

Developing a comprehensive cybersecurity playbook for a Security Operations Center (SOC) requires a systematic approach to address various aspects of cybersecurity operations. Below is a suggested structure for a SOC playbook: 1. Introduction and Scope …

Bharath Narayanasamy SOC

Privilege Escalation

Linux Privilege Escalation Techniques

Linux privilege escalation techniques involve methods that allow a user to gain higher privileges or escalate their existing privileges to gain unauthorized access or perform actions they wouldn't typically be allowed to do. It's important to…

Bharath Narayanasamy Linux privesc

Threat Hunting Threat Detection and Incident Response

Splunk Threat Hunting – Windows Events

When performing threat hunting using Splunk on Windows systems, there are several important queries you can use to identify potential threats and security incidents. Here are some examples: Detecting Suspicious Processes: index=windows sourcetype="wineventlog:security" EventCode=4688 | where…

Bharath Narayanasamy splunk