Skip to content
-
Security You Can Trust, Expertise You Can Rely On. TekGenX Consulting
NetwerkLABS

Powered By TEKGENX CONSULTING

  • Home
  • BLUE TEAM
    • MITRE ATT&CK
    • INFOSEC Governance and Regulation
      • NIST
        • IDENTIFY
        • PROTECT
        • DETECT
        • RESPOND
        • RECOVER
      • Risk Management
    • SOC
      • Threat Detection and Incident Response
        • Threat Detection EngineeringA practical course on Threat Detection Engineering using Elastic SIEM/EDR
        • Threat Hunting
          • Traffic Analysis
        • Splunk
          • Splunk Basics
          • Understanding Log Sources
          • Dashboards and Reports
          • Exploring SPL
          • Incident Handling with Splunk
          • Investigating with Splunk
    • Security+
    • Scripting
      • Bash Scripting
      • Python
      • ZyBER-TOOLS
  • ZyBER-SERIES
    • Wazuh – SIEM and XDRThe Open Source Security Platform that provides Unified XDR and SIEM protection for endpoints and cloud workloads
    • Attack and Defend Active Directory
    • Offensive Testing Enterprise Networks
    • Threat Detection EngineeringA practical course on Threat Detection Engineering using Elastic SIEM/EDR
    • F5 Local Traffic Manager (LTM)F5 Local Traffic Manager (LTM)
    • Incident Response and Forensics
    • Red Team Engagements
  • ZyBER-INTEL
  • ZyBER-NEWS
  • Cookie Policy (EU)
Subscribe

Incident Response and Forensics

  • Home
  • Incident Response and Forensics
  • Page 2
Analysis with Wireshark
Posted inThreat Detection and Incident Response BLUE TEAM DETECT

Analysis with Wireshark

TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares syntax and options. TShark is perfect…
Read More
Posted by Avatar photo Bharath Narayanasamy Tags: wireshark
Incident Report Template
Posted inThreat Detection and Incident Response

Incident Report Template

Elements of an incident report Source: Hack The Box Incident Report Template
Read More
Posted by Avatar photo Bharath Narayanasamy Tags: Incident_Response, IR
IR_002
Posted inThreat Detection and Incident Response Intrusion Detection and Response

Code Obfuscation and Deobfuscation

Code Obfuscation is a technique used to make a script more difficult to read by humans but allows it to function the same from a technical point of view, though performance may be slower. This is…
Read More
Posted by Avatar photo Bharath Narayanasamy Tags: dfir, Code
Wireshark 101 | Traffic Analysis and Investigation (PART 02)
Posted inIDENTIFY DETECT RESPOND

Wireshark 101 | Traffic Analysis and Investigation (PART 02)

Identifying Hosts When investigating a compromise or malware infection activity, a security analyst should know how to identify the hosts on the network apart from IP to MAC address match. One of the best methods is…
Read More
Posted by Avatar photo Bharath Narayanasamy Tags: wireshark
Threat Intelligence
Posted inThreat Hunting Threat Intelligence

Threat Intelligence

Threat Intelligence Foundation: Threat Intelligence is the analysis of data and information using tools and techniques to generate meaningful patterns on how to mitigate against potential risks associated with existing or emerging threats targeting organisations, industries,…
Read More
Posted by Avatar photo Bharath Narayanasamy Tags: Threat Intel, URLScan.io
Wireshark 101 | Traffic Analysis and Investigation (PART 03)
Posted inIDENTIFY DETECT RESPOND

Wireshark 101 | Traffic Analysis and Investigation (PART 03)

Investigate Tunnelling Traffic: ICMP and DNS Traffic tunnelling is (also known as "port forwarding") transferring the data/resources in a secure method to network segments and zones. It can be used for "internet to private networks" and "private networks…
Read More
Posted by Avatar photo zyberbkay Tags: wireshark, dfir
Wireshark 101 | Traffic Analysis and Investigation (PART 04)
Posted inDFIR DETECT RESPOND

Wireshark 101 | Traffic Analysis and Investigation (PART 04)

Encrypted Protocol Analysis: Decrypting HTTPS When investigating web traffic, analysts often run across encrypted traffic. This is caused by using the Hypertext Transfer Protocol Secure (HTTPS) protocol for enhanced security against spoofing, sniffing and intercepting attacks.…
Read More
Posted by Avatar photo zyberbkay Tags: wireshark

Posts pagination

Previous page 1 2

Recent Posts

  • HAVOC C2: COMMAND & CONTROL FRAMEWORK [PART – I]
  • Wireshark Threat Hunting – From Packets to Indicators [HTTP: DEEP-DIVE]
  • SETUP DVWA ON WINDOWS
  • Wireshark Threat Hunting – From Packets to Indicators [SMB: DEEP-DIVE]
  • Wireshark Threat Hunting – From Packets to Indicators

Categories

AD AD attacks brute-force caldera CISO dfir Elastic hydra linux NIST red-team SIEM snort splunk Threat Intel threat_detection Threat_hunting vulnhub wazuh wireshark

Copyright 2026 — NetwerkLABS. Powered by TekGenX Consulting. All rights reserved.
Scroll to Top

Powered by
►
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
►
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
►
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
►
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
►
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
None
Powered by