Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Details Instructions: APT Scenarios: In this hands-on exercise, you assume the persona of Alice Bluebird, the soc analyst who successfully assisted Wayne Enterprises and was recommended to Grace Hoppy at Frothly to assist them with their recent issues. Hunting Scenarios: Questions Q1 This is a simple question to get you familiar with submitting answers. What is…
In this post, I’ll be working through a suspicious process execution exercise from TryHackMe to practice investigating event logs in Splunk. In this exercise, I’m given Windows event logs from an infected host to analyse. By filtering events in Splunk and extracting key data points, anomalies are discovered and attacker activities are uncovered. Task 1 Introduction…
This room by TryHackMe explores the process of investigating a compromised web server using Splunk SIEM. It focuses on analyzing various Windows data sources such as Sysmon, PowerShell, and event logs to identify indicators of compromise (IOCs). By correlating events, analyzing fields, and pivoting data, anomalies can be detected and the attacker’s actions can be…
As an analyst, understanding how to leverage logs to investigate incidents is a critical skill. In this post, I’ll walk through an interactive case study by TryHackMe, investigating a web server compromise. By mapping attacker activities to the Cyber Kill Chain framework, I’ll gain hands-on practice in log analysis and threat hunting techniques using Splunk…
In this post, I’ll explore Splunk with TryHackMe, a leading SIEM tool, to gain hands-on experience with its key capabilities. This room provides an overview of Splunk’s core components like forwarders, indexers, and search heads and how they work together for log collection and analysis. It also covers fundamental Splunk concepts like ingesting sample VPN…
Scenario 1 (APT): The focus of this hands on lab will be an APT scenario and a ransomware scenario. You assume the persona of Alice Bluebird, the soc analyst who has recently been hired to protect and defend Wayne Enterprises against various forms of cyberattack. In this scenario, reports of the below graphic come in…