Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Tag: ELK
-
TryHackMe- Threat Hunting: Pivoting
Task 1 Introduction Is your organisation’s network robust enough to spot lateral movements of adversaries within your systems? Can you detect unusual network activities or illicit privilege escalation that could indicate a pivot attack? Can you use network telemetry and analytics to identify abnormal behaviour and halt lateral movement before it wreaks havoc? These are essential…
-
TryHackMe | Boogeyman 3
This room challenged me to analyze the tactics, techniques, and procedures (TTPs) of a sophisticated threat actor known as Boogeyman. The complex hands-on exercise walks through tracing the full attack chain, from the CEO falling prey to a phishing email, to weaponized payload execution, credential theft, lateral traversal and attempted ransomware deployment. Room link: https://tryhackme.com/room/boogeyman3…
-
TryHackMe | ItsyBitsy
In this write-up, I’ll utilize the ELK stack knowledge I obtained from the previous room to investigate a potential malware infection. By going through a mock incident, utilizing real-world data sources such as proxy logs, I will gain hands-on practice in core techniques like event correlation, pivoting to an an IP address to find other…
-
TryHackMe | Investigating with ELK 101
This writeup explores the use of the ELK Stack for investigating logs and identifying unusual patterns. The Elastic Stack, comprising Elasticsearch, Logstash, Kibana, and Beats, facilitates the aggregation, processing, analysis, and visualization of data. The focal point is Kibana, which empowers analysts to interactively search, filter, and visualize data stored in Elasticsearch indices. Key topics…
Igor_sec's Blog 