Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Investigating the Compromised Endpoint Scenario: One of the employees at Lockman Group gave an IT department the call; the user is frustrated and mentioned that all of his files are renamed to a weird file extension that he has never seen before. After looking at the user’s workstation, the IT guy already knew what was…
Details Instructions: APT Scenarios: In this hands-on exercise, you assume the persona of Alice Bluebird, the soc analyst who successfully assisted Wayne Enterprises and was recommended to Grace Hoppy at Frothly to assist them with their recent issues. Hunting Scenarios: Questions Q1 This is a simple question to get you familiar with submitting answers. What is…
In this post, I’ll be working through a suspicious process execution exercise from TryHackMe to practice investigating event logs in Splunk. In this exercise, I’m given Windows event logs from an infected host to analyse. By filtering events in Splunk and extracting key data points, anomalies are discovered and attacker activities are uncovered. Task 1 Introduction…
This room by TryHackMe explores the process of investigating a compromised web server using Splunk SIEM. It focuses on analyzing various Windows data sources such as Sysmon, PowerShell, and event logs to identify indicators of compromise (IOCs). By correlating events, analyzing fields, and pivoting data, anomalies can be detected and the attacker’s actions can be…
As an analyst, understanding how to leverage logs to investigate incidents is a critical skill. In this post, I’ll walk through an interactive case study by TryHackMe, investigating a web server compromise. By mapping attacker activities to the Cyber Kill Chain framework, I’ll gain hands-on practice in log analysis and threat hunting techniques using Splunk…
In this post, I’ll explore Splunk with TryHackMe, a leading SIEM tool, to gain hands-on experience with its key capabilities. This room provides an overview of Splunk’s core components like forwarders, indexers, and search heads and how they work together for log collection and analysis. It also covers fundamental Splunk concepts like ingesting sample VPN…
In this write-up, I’ll utilize the ELK stack knowledge I obtained from the previous room to investigate a potential malware infection. By going through a mock incident, utilizing real-world data sources such as proxy logs, I will gain hands-on practice in core techniques like event correlation, pivoting to an an IP address to find other…
This writeup explores the use of the ELK Stack for investigating logs and identifying unusual patterns. The Elastic Stack, comprising Elasticsearch, Logstash, Kibana, and Beats, facilitates the aggregation, processing, analysis, and visualization of data. The focal point is Kibana, which empowers analysts to interactively search, filter, and visualize data stored in Elasticsearch indices. Key topics…
This my write-up for TryHackMe‘s Introduction to SIEM, which provides an overview of what SIEM is, its significance, and how it works. I will explore fundamental concepts such as network visibility, log sources, and the analysis of logs and alerts. My objective is to understand how SIEM protects networks and data, offering improved visibility, faster threat…
Introduction In my previous posts, I walked through installing Wazuh, deploying agents, and demonstrating core capabilities like file integrity monitoring and malware detection on a Windows endpoint. In this final installment, I’ll showcase a few additional key capabilities of Wazuh on Windows, including security configuration assessments, active response, log analysis, and system inventory tracking. These…