Regular Expressions

This entry is part 8 of 4 in the series Splunk 101

Views: 6Regular Expressions: Charsets Searching for Specific Strings Charsets in Regex Using Ranges Matching and Excluding Patterns Important Notes Regular Expressions: Wildcards and Optional Characters Wildcard Matching (. Dot) Optional Characters (? Question Mark) Matching a Literal Dot (\.) Regular Expressions: Line Anchors and Grouping Line Anchors Important Note: Grouping and Either/Or (|) Repeating Groups

Active Directory Domain Service (AD DS)

This entry is part 4 of 4 in the series Attack and Defend Active Directory

Views: 10 Overview Users Machines Security Groups Security Group Description Domain Admins Full control over the domain. Server Operators Can manage Domain Controllers but not admin groups. Backup Operators Can access any file for backup purposes. Account Operators Can create/modify user accounts. Domain Users Includes all user accounts. Domain Computers Includes all machines in the … Read more

GRC 101: SimpleRisk Core (Community Edition)

This entry is part 1 of 4 in the series Governance Risk Compliance

Views: 16What is SimpleRisk CORE (Community Edition)? SimpleRisk CORE (Community Edition) is an open-source Governance, Risk, and Compliance (GRC) tool designed to help organizations identify, assess, and manage risks effectively. It provides a structured framework for risk tracking, mitigation planning, and reporting, making it an excellent choice for small to medium businesses, startups, and cybersecurity … Read more

Metasploit Cheat Sheet

This entry is part 3 of 13 in the series Red Team Engagements

Views: 42MSFconsole Commands Command Description show exploits Show all exploits within the Framework. show payloads Show all payloads within the Framework. grep meterpreter show payloadsgrep meterpreter grep reverse_tcp show payloads MSF – Searching for Specific Payload show auxiliary Show all auxiliary modules within the Framework. search <name> Search for exploits or modules within the Framework. … Read more

Shodan 101

This entry is part 2 of 4 in the series Instrusion Detection and Prevention

Views: 21Shodan is a search engine for Internet-connected devices.It lets users search for various types of servers (webcams, routers, servers, etc.) connected to the internet using a variety of filters.Some have also described it as a search engine of service banners, which is metadata that the server sends back to the client.This can be information … Read more

Wireshark 101 | Traffic Analysis and Investigation (PART 04)

This entry is part 17 of 17 in the series Incident Response and Forensics

Views: 19Encrypted Protocol Analysis: Decrypting HTTPS When investigating web traffic, analysts often run across encrypted traffic. This is caused by using the Hypertext Transfer Protocol Secure (HTTPS) protocol for enhanced security against spoofing, sniffing and intercepting attacks. HTTPS uses TLS protocol to encrypt communications, so it is impossible to decrypt the traffic and view the … Read more

Wireshark 101 | Traffic Analysis and Investigation (PART 03)

This entry is part 16 of 17 in the series Incident Response and Forensics

Views: 20Investigate Tunnelling Traffic: ICMP and DNS Traffic tunnelling is (also known as “port forwarding”) transferring the data/resources in a secure method to network segments and zones. It can be used for “internet to private networks” and “private networks to internet” flow/direction. There is an encapsulation process to hide the data, so the transferred data appear natural … Read more

Concepts of Forensic Imaging

This entry is part 1 of 4 in the series Digital Forensics and Incident Response

Views: 13Core Concepts The process of imaging a disk starts by identifying the target drive, preparing it for imaging, and then creating the image file which is later verified for integrity. This needs to be performed in an environment that allows us to perform these tasks and also ensures the process is properly logged. Each … Read more

Wireshark 101 | Traffic Analysis and Investigation (PART 02)

This entry is part 14 of 17 in the series Incident Response and Forensics

Views: 5Identifying Hosts When investigating a compromise or malware infection activity, a security analyst should know how to identify the hosts on the network apart from IP to MAC address match. One of the best methods is identifying the hosts and users on the network to decide the investigation’s starting point and list the hosts … Read more

Wireshark 101 | Traffic Analysis and Investigation (PART 01)

This entry is part 10 of 17 in the series Incident Response and Forensics

Views: 16Wireshark: Traffic Analysis Display Filter Reference Investigating Nmap scans Nmap is an industry-standard tool for mapping networks, identifying live hosts and discovering the services. As it is one of the most used network scanner tools, a security analyst should identify the network patterns created with it. Common Nmap scan types, It is essential to know … Read more