Security You Can Trust, Expertise You Can Rely On. TekGenX Consulting
NetwerkLABS

Powered By TEKGENX CONSULTING


Digital Forensics and Incident Response

Posted in DFIR

Concepts of Forensic Imaging

Core Concepts: The process of imaging a disk starts by identifying the target drive, preparing it for imaging, and then creating the image file, which is later verified for integrity. This needs to be performed in…
Posted by Bharath Narayanasamy. Tags: dfir
Posted in DFIR, VulnLAB, Threat Detection and Incident Response

Incident Response

Incident response, also known as incident handling, is a cyber security function that uses various methodologies, tools and techniques to detect and manage adversarial attacks while minimizing impact, recovery time and total operating costs. Addressing attacks…
Posted by Bharath Narayanasamy. Tags: dfir, IR, Incident
Posted in DFIR

Hunting the hunters: DFIR with Velociraptor (PART-I)

Introduction: In the ever-evolving world of Digital Forensics and Incident Response (DFIR), having a powerful tool at your disposal is essential. Velociraptor stands out as an advanced, open-source endpoint monitoring, digital forensics, and cyber response platform.…
Posted by Bharath Narayanasamy. Tags: dfir, Velociraptor
Posted in DFIR

Hunting the hunters: DFIR with Velociraptor (PART-II)

We covered the deployment of Velociraptor Server and Client components in the first part of this series. You can read it here if you're interested. This part of the series will walk you through the capabilities…
Posted by Bharath Narayanasamy. Tags: Velociraptor, threat_detection, dfir
Posted in SOC Analyst, Threat Detection and Incident Response, Traffic Analysis

Wireshark Threat Hunting – From Packets to Indicators

Wireshark DFIR Cheat Sheet: Display filters, detection techniques, traffic analysis workflows, and TShark CLI commands for Digital Forensics & Incident Response. Filters are mapped to MITRE ATT&CK where applicable. Wireshark 4.x…
Posted by Bharath Narayanasamy. Tags: wireshark
Posted in DFIR, SOC Analyst, Threat Detection and Incident Response

Wireshark Threat Hunting – From Packets to Indicators [SMB: DEEP-DIVE]

SMB & Windows Auth Deep-Dive Filter Reference: Granular Wireshark display filters for SMB2 file & share access (paths, users, operations, error codes), NTLM authentication flow, Kerberos…
Posted by Bharath Narayanasamy
Posted in SOC Analyst, Threat Detection and Incident Response, Traffic Analysis

Wireshark Threat Hunting – From Packets to Indicators [HTTP: DEEP-DIVE]

HTTP/HTTP2 Deep-Dive Filter Reference: Granular Wireshark display filters for HTTP/1.1 and HTTP/2: request methods, path & file access, credential extraction, brute force detection, SQL injection, XSS,…
Posted by Bharath Narayanasamy. Tags: wireshark


Copyright 2026 — NetwerkLABS. Powered by TekGenX Consulting. All rights reserved.