Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
In my last post, I began demonstrating Wazuh’s security capabilities on an Ubuntu endpoint. I showed features like file integrity monitoring, and active response in action. In this post, I continue to re-create and explore practical examples of Wazuh as a tool for monitoring docker events, integrating network-based IDS, detecting and removing malware, and many…
This is part 4 of my journey in exploring Wazuh as an endpoint monitoring and protection tool. In my previous posts, I introduced Wazuh’s components and capabilities, built my lab environment using the Quickstart guide, and configured the server. I also deployed agents to my Ubuntu and Windows VMs. With my environment set up, I am…
Welcome to part 3 of my journey in exploring Wazuh. In my previous blogs, I introduced Wazuh and its capabilities then walked through how easily it can be installed and configured. Now in this part, it’s time to deploy agents and start monitoring. Deploying Wazuh Agents For this blog, I will be deploying agents in…
Welcome to part 2 of my journey in exploring Wazuh to gain a semblance of real-life experience in using an enterprise-grade security monitoring platform. In the first part, I delved into a brief introduction about Wazuh, its components and capabilities as an open source security monitoring platform that provides threat detection, integrity monitoring, incident response…
In today’s rapidly evolving digital landscape, securing sensitive data and networks has become paramount. Among the arsenal of tools designed to fortify these defenses, Wazuh emerges as a robust and versatile solution. TryHackMe briefly introduced Wazuh in a separate room within the Endpoint Security Monitoring Module, which is part of their learning path to SOC…
This is my write-up on TryHackMe’s Sysmon room. Task 1: Introduction It is highly recommended that the Windows Event Log room be completed before attempting this room, as the foundational knowledge on Windows events will help us navigate this room. In addition, we will be utilizing the tools we learned in that room. Moving on,…
This is my write-up on THM’s Windows Event Logs Room. Task 1: What are event logs? Event logs essentially contain the records of events or activities that have transpired on a machine or host, which help system administrators, IT technicians, etc., audit and troubleshoot issues in the system. But for blue teams, Windows…
In this blog, I will be installing, configuring, and exploring Snort. This is the second installment of my first home lab setup with Snort. Here’s a summary of what I have done in this lab project. Note: All the scripts I utilized can be found on my GitHub page. Disclosure: The scripts are generated with the…
After completing TryHackMe’s module on Network Security and Traffic Analysis, I wanted to delve more into how to install and configure Snort, and play around with it. In this post, I will be covering how I set up my home lab, with the steps I took to download, install, and configure the machines. This setup…
Snort Challenge – Live Attacks | TryHackMe Task 1: Introduction So far, we have been only detecting alerts with the rules that we have created. In this room, we are going to stop malicious activities from exploiting a host. If you have not completed the other Snort rooms, it is highly suggested that you complete…