Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Tag: Siem
-
TryHackMe- Threat Hunting: Pivoting
Task 1 Introduction Is your organisation’s network robust enough to spot lateral movements of adversaries within your systems? Can you detect unusual network activities or illicit privilege escalation that could indicate a pivot attack? Can you use network telemetry and analytics to identify abnormal behaviour and halt lateral movement before it wreaks havoc? These are essential…
-
TryHackMe | Boogeyman 3
This room challenged me to analyze the tactics, techniques, and procedures (TTPs) of a sophisticated threat actor known as Boogeyman. The complex hands-on exercise walks through tracing the full attack chain, from the CEO falling prey to a phishing email, to weaponized payload execution, credential theft, lateral traversal and attempted ransomware deployment. Room link: https://tryhackme.com/room/boogeyman3…
-
Cyberdefender | Boss Of The SOCv2
Details Instructions: APT Scenarios: In this hands-on exercise, you assume the persona of Alice Bluebird, the soc analyst who successfully assisted Wayne Enterprises and was recommended to Grace Hoppy at Frothly to assist them with their recent issues. Hunting Scenarios: Questions Q1 This is a simple question to get you familiar with submitting answers. What is…
-
TryHackMe | Benign
In this post, I’ll be working through a suspicious process execution exercise from TryHackMe to practice investigating event logs in Splunk. In this exercise, I’m given Windows event logs from an infected host to analyse. By filtering events in Splunk and extracting key data points, anomalies are discovered and attacker activities are uncovered. Task 1 Introduction…
-
TryHackMe | Investigating with Splunk
This room by TryHackMe explores the process of investigating a compromised web server using Splunk SIEM. It focuses on analyzing various Windows data sources such as Sysmon, PowerShell, and event logs to identify indicators of compromise (IOCs). By correlating events, analyzing fields, and pivoting data, anomalies can be detected and the attacker’s actions can be…
-
TryHackMe | Incident Handling with Splunk
As an analyst, understanding how to leverage logs to investigate incidents is a critical skill. In this post, I’ll walk through an interactive case study by TryHackMe, investigating a web server compromise. By mapping attacker activities to the Cyber Kill Chain framework, I’ll gain hands-on practice in log analysis and threat hunting techniques using Splunk…
-
TryHackMe | Splunk: Basics
In this post, I’ll explore Splunk with TryHackMe, a leading SIEM tool, to gain hands-on experience with its key capabilities. This room provides an overview of Splunk’s core components like forwarders, indexers, and search heads and how they work together for log collection and analysis. It also covers fundamental Splunk concepts like ingesting sample VPN…
-
TryHackMe | Investigating with ELK 101
This writeup explores the use of the ELK Stack for investigating logs and identifying unusual patterns. The Elastic Stack, comprising Elasticsearch, Logstash, Kibana, and Beats, facilitates the aggregation, processing, analysis, and visualization of data. The focal point is Kibana, which empowers analysts to interactively search, filter, and visualize data stored in Elasticsearch indices. Key topics…
-
TryHackMe | Introduction to SIEM
This my write-up for TryHackMe‘s Introduction to SIEM, which provides an overview of what SIEM is, its significance, and how it works. I will explore fundamental concepts such as network visibility, log sources, and the analysis of logs and alerts. My objective is to understand how SIEM protects networks and data, offering improved visibility, faster threat…
-
Wazuh | Part 4 : Proof of Concept —Windows Endpoint Part 1 of 2
Introduction In my previous posts, I demonstrated the capabilities of Wazuh for monitoring and protecting an Ubuntu endpoint, including detecting malware, analyzing system calls, assessing configurations, and more. This time, I will be replicating some use cases and proof of concept on a Windows endpoint. In this post, I’ll walk through practical examples of using…
Igor_sec's Blog 