NetwerkLABS

Threat Hunting Threat Detection and Incident Response

Threat Detection: Detecting a Webserver Attack

LAB Setup Let's use the DIWA ( Deliberately Insecure Web Application) vulnerable created by Tim Steufmehl , to setup the victim machine. Prepare a Linux machiine with Docker installed. Follow the these instructions to install Docker on…

Bharath Narayanasamy SIEM, Elastic

Threat Intelligence

Detection Engineering vs Threat Hunting

DETECTION ENGINEERING: REINFORCING THE KNOWN Threat detection is the process of identifying threats in an organization that is actively trying to attack the endpoints, networks, devices and systems. Unlike threat hunting, a threat detection is a…

Bharath Narayanasamy threat_detection, detection_engineering

PROTECT

Linux System Hardening

Create a GRUB password grub2-mkpasswd-pbkdf2 PBKDF2 stands for Password-Based Key Derivation Function 2. It is important to note that adding a password for GRUB is not available for systems deployed using cloud service providers (such as our Linux…

Bharath Narayanasamy

SOC Analyst Threat Detection and Incident Response Intrusion Detection and Response

DFIR: Linux File System Analysis

Bharath Narayanasamy linux, incident response, detection, dfir

Threat Hunting

Yara 101

YARA is a powerful pattern-matching tool and rule format used for identifying and classifying files based on specific patterns, characteristics, or content. SOC analysts commonly use YARA rules to detect and classify malware samples, suspicious files, or…

Bharath Narayanasamy detect, yara

CyBER Tools

NetworkMiner

NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files. NetworkMiner can also be used to capture live network traffic by sniffing a…

Bharath Narayanasamy networkminer

CyBER Tools

TCPView

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. TCPView also reports the name…

Bharath Narayanasamy tcpview

PenTest

Intro to Practical Enterprise Pentesting

Stages Pre-Engagement Information Gathering Vulnerability Assessment Exploitation Post-Exploitation Lateral Movement Proof of Concept Post-Engagement

Bharath Narayanasamy pentest

ZyberAttacks

High-Risk Vulnerabilities in ConnectWise ScreenConnect and Remediation procedure

On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier. Affected Products: ScreenConnectSeverity: CriticalPriority: 1 - High ScreenConnect is popular remote access software used by…

Bharath Narayanasamy CVE

Attacking Active Directory

AD Attacks & Tools Timeline

Bharath Narayanasamy AD attacks