Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.

Investigating the Compromised Endpoint Scenario: One of the employees at Lockman Group called the IT department; the user is frustrated and mentioned that all of his files have been renamed to a weird file extension that he has never seen before. After looking at the user's workstation, the IT guy already knew what was…

Details: Instructions: APT Scenarios: In this hands-on exercise, you assume the persona of Alice Bluebird, the SOC analyst who successfully assisted Wayne Enterprises and was recommended to Grace Hoppy at Frothly to assist them with their recent issues. Hunting Scenarios: Questions: Q1 This is a simple question to get you familiar with submitting answers. What is…

This room by TryHackMe explores the process of investigating a compromised web server using the Splunk SIEM. It focuses on analyzing Windows data sources such as Sysmon, PowerShell, and Windows event logs to identify indicators of compromise (IOCs). By correlating events, analyzing fields, and pivoting on data, anomalies can be detected and the attacker's actions can be…

As an analyst, understanding how to leverage logs to investigate incidents is a critical skill. In this post, I'll walk through an interactive case study by TryHackMe, investigating a web server compromise. By mapping attacker activities to the Cyber Kill Chain framework, I'll get hands-on practice in log analysis and threat hunting techniques using Splunk…

In this post, I'll explore Splunk, a leading SIEM tool, with TryHackMe to gain hands-on experience with its key capabilities. This room provides an overview of Splunk's core components, such as forwarders, indexers, and search heads, and how they work together for log collection and analysis. It also covers fundamental Splunk concepts like ingesting sample VPN…

In this write-up, I'll use the ELK stack knowledge I obtained from the previous room to investigate a potential malware infection. By working through a mock incident with real-world data sources such as proxy logs, I will get hands-on practice in core techniques like event correlation, pivoting on an IP address to find other…

Introduction In my previous posts, I walked through installing Wazuh, deploying agents, and demonstrating core capabilities like file integrity monitoring and malware detection on a Windows endpoint. In this final installment, I’ll showcase a few additional key capabilities of Wazuh on Windows, including security configuration assessments, active response, log analysis, and system inventory tracking. These…

Introduction In my previous posts, I demonstrated the capabilities of Wazuh for monitoring and protecting an Ubuntu endpoint, including detecting malware, analyzing system calls, assessing configurations, and more. This time, I will be replicating some of those use cases and proofs of concept on a Windows endpoint. In this post, I'll walk through practical examples of using…

Introduction In my last post, I walked through practical examples of Wazuh capabilities including monitoring Docker events, NIDS integration, and malware detection using YARA and the VirusTotal integration. Now I'll explore additional key features of the Wazuh agent, including monitoring system calls, Security Configuration Assessment, triggering active responses, maintaining a system inventory, and leveraging osquery. System…

In my last post, I began demonstrating Wazuh's security capabilities on an Ubuntu endpoint, showing features like file integrity monitoring and active response in action. In this post, I continue to re-create and explore practical examples of Wazuh as a tool for monitoring Docker events, integrating a network-based IDS, detecting and removing malware, and many…