Incident Response and Forensics

Incident Handling Life Cycle

NIST - Security Incident Handling 1. Preparation The preparation phase covers the readiness of an organization against an attack. That means documenting the requirements, defining the policies, incorporating the security controls to monitor like EDR / SIEM /…

Bharath Narayanasamy NIST, Incident Management, dfir, CISO

Intrusion Detection and Response RESPOND

DFIR: Core Windows Processes

Reference: TryHackMe Room "Core Windows Processes" Core Windows Processes Understanding how the Windows operating system functions as a defender is vital. Task Manager doesn't show a Parent-Child process view. That is where other utilities, such as Process…

Bharath Narayanasamy dfir, memory, Volatility

SOC Analyst Threat Detection and Incident Response BLUE TEAM

Introduction to Network Forensics

Source: Tryhackme Networkminer room Introduction to Network Forensics Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. Network Forensics discipline covers the work done to access information transmitted…

Bharath Narayanasamy networkminer, traffic_analysis, threat_detection, dfir, BLUE

Threat Hunting SOC Analyst Threat Detection and Incident Response

Netminer

NetworkMiner CapabilityDescriptionTraffic sniffingIt can intercept the traffic, sniff it, and collect and log packets that pass through the network.Parsing PCAP filesIt can parse pcap files and show the content of the packets in detail.Protocol analysisIt can identify the…

Bharath Narayanasamy Threat_hunting, threat_detection, netminer, dfir

Splunk

Splunk SPL 101

Bharath Narayanasamy splunk, SPL

Threat Hunting Threat Intelligence

Threat Intelligence Tools – URLScan.io

Urlscan.io is a free service developed to assist in scanning and analysing websites. It is used to automate the process of browsing and crawling through websites to record activities and interactions. When a URL is submitted, the…

Bharath Narayanasamy Threat Intel, URLScan.io

Splunk

Splunk Fundamentals

Splunk Components Splunk Forwarder Splunk Forwarder is a lightweight agent installed on the endpoint intended to be monitored, and its main task is to collect the data and send it to the Splunk instance. Splunk Indexer Splunk…

Bharath Narayanasamy

Threat Intelligence

Threat Intelligence Tools – Abuse.ch

Abuse.ch Platform Abuse.ch is a research project hosted by the Institue for Cybersecurity and Engineering at the Bern University of Applied Sciences in Switzerland. It was developed to identify and track malware and botnets through several operational…

Bharath Narayanasamy Threat Intel, abuse.ch

Threat Detection and Incident Response DETECT Traffic Analysis

Wireshark 101 | Packet Operations

Wireshark: Packet Operations Statistics | Summary This menu provides multiple statistics options ready to investigate to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and…

Bharath Narayanasamy wireshark

Threat Detection and Incident Response

Wireshark 101 | Traffic Analysis and Investigation (PART 01)

Wireshark: Traffic Analysis Display Filter Reference Investigating Nmap scans Nmap is an industry-standard tool for mapping networks, identifying live hosts and discovering the services. As it is one of the most used network scanner tools, a security…

Bharath Narayanasamy wireshark