Powered By TEKGENX CONSULTING
Views: 18Source: Tryhackme Networkminer room Introduction to Network Forensics Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. Network Forensics discipline covers the work done to access information transmitted by listening and investigating live and recorded traffic, gathering evidence/artefacts and understanding potential problems. The investigation tries to … Read more
Views: 8
Views: 18TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares syntax and options. TShark is perfect for use on machines with little or no desktop environment and can easily pass the capture information it … Read more
Views: 10Locate tcpdump Install TCPdump Tcpdump Version Validation TCPDump will resolve IPs to hostnames by default. Traffic Captures with Tcpdump Basic Capture Options Switch Command Result D Will display any interfaces available to capture from. i Selects an interface to capture from. ex. -i eth0 n Do not resolve hostnames. nn Do not resolve hostnames … Read more
Views: 24Use case 1: Failed Logon Attempts (Disabled Users) Use case 2: Failed Logon Attempts (using Admin Accounts) Use case 3: Successful RDP Logon Related To Service Accounts Use case 4: Users Added Or Removed From A Local Group
Views: 17How To Build SIEM Use Cases Example SIEM Use cases Use case 1: Microsoft Build Engine Started By An Office Application A practical example using the Elastic stack as a SIEM solution to help understand how to map each of the use case points listed above. MSBuild, part of the Microsoft Build Engine, is … Read more
Views: 19“The pattern matching swiss knife for malware researchers (and everyone else)” YARA in a nutshell YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA we can create descriptions of malware families (or whatever you want to describe) based on textual or binary … Read more
Views: 25Intrusion Detection System (IDS) IDS is a passive monitoring solution for detecting possible malicious activities/patterns, abnormal incidents, and policy violations. It is responsible for generating alerts for each suspicious event. There are two main types of IDS systems;
Views: 10There are two main techniques used in Traffic Analysis: Flow Analysis Packet Analysis Collecting data/evidence from the networking devices. This type of analysis aims to provide statistical results through the data summary without applying in-depth packet-level investigation.Advantage: Easy to collect and analyse.Challenge: Doesn’t provide full packet details to get the root cause of a case. Collecting … Read more
Views: 8Where to find the passwords/hashes Windows Linux unattend.xml shadow sysprep.inf shadow.bak SAM password Types of Password Attacks Dictionary attack Brute force Traffic interception Man In the Middle Key Logging Social engineering