Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Tag: hacking
-
Wazuh | Part 4 : Proof of Concept —Windows Endpoint Part 1 of 2
Introduction In my previous posts, I demonstrated the capabilities of Wazuh for monitoring and protecting an Ubuntu endpoint, including detecting malware, analyzing system calls, assessing configurations, and more. This time, I will be replicating some use cases and proof of concept on a Windows endpoint. In this post, I’ll walk through practical examples of using…
-
Wazuh | Part 4 : Proof of Concept – Ubuntu Endpoint Part 3 of 3
Introduction In my last post, I walked through practical examples of Wazuh capabilities including monitoring Docker events, NIDS integration, and malware detection using Yara and VirusTotal Integration. Now I’ll explore additional key features of the Wazuh agent including monitoring system calls, Security Configuration Assessment, taking active response, maintaining a system inventory, and leveraging osquery. System…
-
Wazuh | Part 4 : Proof of Concept – Ubuntu Endpoint Part 2 of 3
In my last post, I began demonstrating Wazuh’s security capabilities on an Ubuntu endpoint. I showed features like file integrity monitoring, and active response in action. In this post, I continue to re-create and explore practical examples of Wazuh as a tool for monitoring docker events, integrating network-based IDS, detecting and removing malware, and many…
-
Wazuh | Part 4 : Proof of Concept – Ubuntu Endpoint Part 1 of 3
This is part 4 of my journey in exploring Wazuh as an endpoint monitoring and protection tool. In my previous posts, I introdued Wazuh’s components and capabilities, built my lab environment using the Quickstart guide, and configured the server. I also deployed agents to my Ubuntu and Windows VMs. With my environment setup, I am…
-
Wazuh | Part 3 : Wazuh Agents installation
Welcome to part 3 of my journey in exploring Wazuh. In my previous blogs, I introduced Wazuh and its capabilities then walked through how easily it can be installed and configured. Now in this part, it’s time to deploy agents and start monitoring. Deploying Wazuh Agents For this blog, I will be deploying agents in…
-
Wazuh | Part 2 : Installing Wazuh and Configuring the Server
Welcome to part 2 of my journey in exploring Wazuh to gain a semblance of real-life experience in using an enterprise-grade security monitoring platform. In the first part, I delve into a brief introduction about Wazuh, its components and capabilities as an open source security monitoring platform that provides threat detection, integrity monitoring, incident response…
-
Wazuh | Part 1 : Components and Capabilities
In today’s rapidly evolving digital landscape, securing sensitive data and networks has become paramount. Among the arsenal of tools designed to fortify these defenses, Wazuh emerges as a robust and versatile solution. TryHackMe briefly introduced Wazuh in a separate room within the Endpoint Security Monitoring Module, which is part of their learning path to SOC…
-
Sysmon | TryHackMe
This is my write-up on TryHackMe’s Sysmon room. Task 1: Introduction It is highly recommended that the Windows Event Log room be completed before attempting this room, as the foundational knowledge on windows events will help us navigate this room. In addition, we will be utilizing the tools we learned in the room. Moving on,…
-
Windows Event Logs | TryHackMe
This is my write-up on THM’s Windows Event Logs Room. Task 1: What are event logs? Event logs essentially contain the records of events or activities that have transpired in a machine or host, that would help system administrators, IT technicians, etc, audit and trouble shoot issues in the system. But for blue teams, windows…
-
Snorting | Installing, Configuring, & Exploring Snort
In this blog, I will be installing, configuring, and exploring Snort. This the second installment to my first home lab setup with Snort. Here’s a summary of what I have done in this lab project. Note: All the scripts I utilized can be found in my Github page. Disclosure: The scripts are generated with the…
Igor_sec's Blog 