Threat Detection: Detecting a Webserver Attack
LAB Setup Let's use the DIWA ( Deliberately Insecure Web Application) vulnerable created by Tim Steufmehl , to setup the victim machine. Prepare a Linux machiine with Docker installed. Follow the…
Posted inThreat Intelligence
Threat Intelligence for SOC
Threat Intelligence is the analysis of data and information using tools and techniques to generate meaningful patterns to mitigate against potential risks associated with existing or emerging threats targeting organisations,…
Posted inThreat Intelligence
Detection Engineering vs Threat Hunting
DETECTION ENGINEERING: REINFORCING THE KNOWN Threat detection is the process of identifying threats in an organization that is actively trying to attack the endpoints, networks, devices and systems. Unlike threat…
Posted inThreat Hunting
Yara 101
YARAÂ is a powerful pattern-matching tool and rule format used for identifying and classifying files based on specific patterns, characteristics, or content. SOC analysts commonly use YARA rules to detect and…
Posted inThreat Intelligence
Custom detection rule with the MITRE ATT&CK framework in Splunk
Let's walk through a practical example of creating a custom detection rule with the MITRE ATT&CK framework in Splunk. Example:Let's say we want to create a detection rule for the…
Posted inThreat Intelligence
Investigate SQLi attacks using Splunk
Sure! Here are a few Splunk queries that can help detect web application attacks: Detecting SQL Injection Attacks: index=<your_index> sourcetype=<your_sourcetype> | search (request_uri=*' OR referer=*) AND (|inputlookup sql_injection_keywords.csv) Detecting Cross-Site…
Practical Threat Hunting using Elastic SIEM: Hunting for Stuxbot
Based on the INTRODUCTION TO THREAT HUNTING & HUNTING WITH ELASTIC module from HTB-Academy Hunting for Stuxbot The Stuxbot cybercrime group operates with a broad scope, seizing upon opportunities as…
Posted inMITRE ATT&CK
MITRE Framework
MITRE ATT&CK Navigator https://mitre-attack.github.io/attack-navigator MITRE D3FEND https://d3fend.mitre.org MITRE ENGAGE MITRE Engage MITRE Engage Matrix ATT&CK Emulation Plans https://mitre-engenuity.org Center of Threat-Informed Defense (CTID) Cyber Analytics Repository https://car.mitre.org
Posted inSOC Analyst
SOC Tools and Useful Links
1- IP & URL Reputation 1. Virus Total :Â https://www.virustotal.com/gui/home/upload2. URL Scan :Â https://urlscan.io/3. AbuseIPDB:Â https://www.abuseipdb.com/4. Cisco Talos:Â https://www.talosintelligence.com/5. IBM X-Force:Â https://lnkd.in/gt8iyHE56. URL Filtering(Palo Alto):Â https://lnkd.in/e4bkm5Eq7. URL Filtering(Symantec):Â https://lnkd.in/g4qQGsHG8. IP Void:Â https://www.ipvoid.com/9. URL Void:Â https://www.urlvoid.com/ 2- File | Hash…
ELASTIC SIEM: Kibana Query Language (KQL)Â
Different Syntax Languages Kibana supports two types of syntax languages for querying in Kibana: KQL (Kibana Query Language) and Lucene Query Syntax. Kibana Query Language (KQL) is a user-friendly query language developed by Elastic…