Bash Scripting

Bourne Again Shell

The main difference between a scripting language and a compiled programming language is that a script is read and executed by an interpreter (here, the shell) at run time, so there is no separate compilation step before it can be run.

Structure of a Scripting Language

- Input & Output
- Arguments, Variables & Arrays
- Conditional execution
- Arithmetic
- Loops
- Comparison operators
- Functions
- Script Execution

Splunk: SPL Cheat Sheet for SOC Analysts

Splunk Cheat Sheet

- Query to identify failed login attempts:
- Query to identify privilege escalation attempts:
- Query to identify failed SSH attempts:
- Query to identify successful SSH attempts:
- Query to identify unusual network traffic:
- Query to identify suspicious processes:
- Query to identify brute force attacks:
- Query to identify privilege escalation attempts on Windows systems:
- Query …

Splunk Fundamentals

This entry is part 6 of 13 in the series Incident Response and Forensics

Splunk Components

Splunk Forwarder

The Splunk Forwarder is a lightweight agent installed on the endpoint to be monitored. Its main task is to collect data on that host and send it to the Splunk instance.

Splunk Indexer

The Splunk Indexer plays the main role in processing the data it receives from forwarders. It takes the data, normalizes …

Risk Management – Terminology

Risk Avoidance
Risk Acceptance
Risk Reduction

Basic Terminology

Threat

A threat is a potential harm or danger to an individual, organisation, or system. Threats can be classified into three main categories: human-made, technical, or natural.

Human-made threats: These threats are caused by human activities or interventions. Examples include:

As can be seen, human-made threats are not limited to …

OpenCTI

OpenCTI is an open source platform that allows organizations to manage their cyber threat intelligence knowledge and observables. OpenCTI is designed to provide organizations with the means to manage CTI through the storage, analysis, visualization and presentation of threat campaigns, malware and IOCs. Developed in collaboration with the French National Cybersecurity Agency (ANSSI), the platform's main objective is to …

Border Gateway Protocol (BGP) Best Path Selection Mnemonic

"We Love Oranges AS Oranges Mean Pure Refreshment"

W  Weight (highest)
L  LOCAL_PREF (highest)
O  Originate: prefer locally originated routes, i.e. routes advertised through the "network" command or redistributed from an IGP
AS AS_PATH (shortest)
O  ORIGIN code (IGP > EGP > Incomplete)
M  MED (lowest)
P  Paths (external > internal, i.e. prefer eBGP-learned over iBGP-learned)
R  RID (lowest)
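The mnemonic is a fixed order of tie-breakers: a later step matters only when every earlier step tied. The following is an added example (not code from the original page) that turns the eight listed steps into a decision procedure and reports which step picked the winner, which is the question you usually end up asking when a route is not going where you expect. The `Path` type, its field names and the candidate routes are assumptions for the illustration. Two caveats a practitioner should keep in mind: a real router evaluates further steps the mnemonic omits (for example the IGP metric to the next hop and path age), and by default MED is only compared between paths received from the same neighbouring AS; the code below compares it unconditionally for simplicity.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Sequence, Tuple

# Added example, not from the original page. The Path fields and the
# candidate routes are assumptions used only for this illustration.

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower value is preferred


@dataclass(frozen=True)
class Path:
    next_hop: str
    weight: int = 0                    # router-local attribute, highest wins
    local_pref: int = 100              # highest wins
    locally_originated: bool = False   # "network"/redistribute beats learned
    as_path: Tuple[int, ...] = ()      # shortest wins
    origin: str = "igp"                # IGP > EGP > Incomplete
    med: int = 0                       # lowest wins (see caveat in the lead-in)
    ebgp: bool = True                  # external (eBGP) beats internal (iBGP)
    router_id: str = "0.0.0.0"         # lowest wins; last step listed on the page


# Each step maps a path to a value where the LOWEST value is preferred;
# "highest wins" attributes are negated so one comparison rule fits all steps.
STEPS = (
    ("weight", lambda p: -p.weight),
    ("local_pref", lambda p: -p.local_pref),
    ("locally_originated", lambda p: 0 if p.locally_originated else 1),
    ("as_path_length", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin.lower()]),
    ("med", lambda p: p.med),
    ("ebgp_over_ibgp", lambda p: 0 if p.ebgp else 1),
    ("router_id", lambda p: int(IPv4Address(p.router_id))),
)


def decide(paths: Sequence[Path]) -> Tuple[Path, str]:
    """Return (best path, name of the step that decided it).

    Candidates are narrowed step by step in mnemonic order; a step is only
    reached when all earlier steps tied between the remaining candidates.
    """
    if not paths:
        raise ValueError("no candidate paths")
    candidates = list(paths)
    for name, key in STEPS:
        best_value = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best_value]
        if len(candidates) == 1:
            return candidates[0], name
    # Identical on every listed attribute: keep the first. A real router would
    # fall through to the steps the mnemonic leaves out.
    return candidates[0], "tie"


def best_path(paths: Sequence[Path]) -> Path:
    return decide(paths)[0]


if __name__ == "__main__":
    # Constructed candidates for one prefix, learned from two neighbours.
    via_a = Path("192.0.2.1", as_path=(65001, 65002), med=10, router_id="192.0.2.1")
    via_b = Path("192.0.2.2", local_pref=200, as_path=(65001, 65002, 65003),
                 router_id="192.0.2.2")
    best, step = decide([via_a, via_b])
    print(f"best via {best.next_hop}, decided by {step}")  # LOCAL_PREF beats the shorter AS_PATH
```

Note the order of the check matters: `via_b` has the longer AS_PATH yet still wins, because LOCAL_PREF is evaluated before AS_PATH length. Swapping two steps in `STEPS` changes the outcome, which is exactly why the mnemonic is worth memorising.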

Custom detection rule with the MITRE ATT&CK framework in Splunk

This entry is part 8 of 17 in the series Threat Detection Engineering

Let's walk through a practical example of creating a custom detection rule with the MITRE ATT&CK framework in Splunk.

Example: Let's say we want to create a detection rule for the technique T1566.001 – "Phishing: Spearphishing Attachment" from the MITRE ATT&CK framework. This technique involves targeted phishing attacks where attackers send malicious attachments via email …
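To make the detection concrete before it is written as an SPL search, here is an added example (not the page's own Splunk rule) that applies the T1566.001 logic in Python to a few constructed mail-gateway log lines: only inbound mail is considered, and a message is flagged when its attachment carries an extension typically used for first-stage payloads or a double extension that disguises one (for example `invoice.pdf.exe`). The log format (a timestamp followed by key=value pairs), the field names, the list of risky extensions and the sample lines are all assumptions for this illustration; in Splunk the same conditions would become the where/search clauses over the real email sourcetype, tagged with the technique ID.

```python
import re
from collections import Counter
from typing import Dict, List

# Added example, not the page's Splunk rule. Log format, field names, the
# extension list and the sample lines are constructed for this illustration.

TECHNIQUE = "T1566.001"  # Phishing: Spearphishing Attachment

# Attachment types commonly used to deliver a first-stage payload (assumption).
RISKY_EXTENSIONS = {
    "exe", "scr", "bat", "cmd", "ps1", "js", "jse", "vbs", "hta", "lnk",
    "jar", "iso", "img", "vhd", "docm", "xlsm", "pptm",
}
# Benign-looking inner extensions attackers put before the real one.
DISGUISE_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2024-05-02T09:14:03Z sender=hr@payroll-update.example.net recipient=alice@corp.example direction=inbound subject="Updated salary sheet" attachment="Salary_Q2.xlsm"
2024-05-02T09:15:10Z sender=bob@corp.example recipient=alice@corp.example direction=internal subject="Lunch?" attachment=""
2024-05-02T09:16:44Z sender=invoice@vendor.example.org recipient=finance@corp.example direction=inbound subject="Invoice 4471" attachment="invoice_4471.pdf.exe"
2024-05-02T09:17:00Z sender=news@vendor.example.org recipient=finance@corp.example direction=inbound subject="Newsletter" attachment="april.pdf"
2024-05-02T09:18:25Z sender=pm@partner.example.com recipient=dev@corp.example direction=inbound subject="Build artefact" attachment="release.iso"
"""

# key=value where the value is either "quoted with spaces" or a bare token.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into a dict; the first token is the timestamp."""
    timestamp, _, rest = line.partition(" ")
    fields = {"timestamp": timestamp}
    for key, quoted, bare in KV_RE.findall(rest):
        fields[key] = quoted if quoted else bare
    return fields


def attachment_risk(name: str) -> str:
    """Return a reason string if the attachment name looks dangerous, else ''."""
    if not name:
        return ""
    parts = name.lower().rsplit(".", 2)   # "invoice_4471.pdf.exe" -> [stem, "pdf", "exe"]
    ext = parts[-1] if len(parts) > 1 else ""
    if ext not in RISKY_EXTENSIONS:
        return ""
    if len(parts) == 3 and parts[1] in DISGUISE_EXTENSIONS:
        return f"double extension disguising .{ext} as .{parts[1]}"
    return f"risky attachment type .{ext}"


def detect(log_text: str) -> List[Dict[str, str]]:
    """Emit one alert per inbound message carrying a risky attachment."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("direction") != "inbound":
            continue  # spearphishing arrives from outside; internal mail is out of scope here
        reason = attachment_risk(ev.get("attachment", ""))
        if reason:
            alerts.append({
                "technique": TECHNIQUE,
                "timestamp": ev["timestamp"],
                "sender": ev.get("sender", ""),
                "recipient": ev.get("recipient", ""),
                "attachment": ev.get("attachment", ""),
                "reason": reason,
            })
    return alerts


def alerts_by_sender(alerts: List[Dict[str, str]]) -> Counter:
    """Aggregate for triage so a sender hitting many mailboxes stands out."""
    return Counter(a["sender"] for a in alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Running it on the constructed lines produces three alerts (the macro-enabled workbook, the disguised executable and the ISO) and none for the internal lunch invitation or the plain PDF. The same decisions translate directly into an SPL search: restrict to inbound events, match the attachment field against the extension and double-extension patterns, and add the technique ID as a field so the alert can be mapped back to ATT&CK.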