Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Hello! Welcome to my blog where I post write-ups for CTF challenges.
In this post, I’ll be working through a suspicious process execution exercise from TryHackMe to practice investigating event logs in Splunk. In this exercise, I’m given Windows event logs from an infected host to analyse. By filtering events in Splunk and extracting key data points, anomalies are discovered and attacker activities are uncovered. Task 1 Introduction…
Introduction In my previous posts, I walked through installing Wazuh, deploying agents, and demonstrating core capabilities like file integrity monitoring and malware detection on a Windows endpoint. In this final installment, I’ll showcase a few additional key capabilities of Wazuh on Windows, including security configuration assessments, active response, log analysis, and system inventory tracking. These…