Igor_sec's Blog
Hello! Welcome to my blog where I post write-ups for CTF challenges.
Tag: thm
-
TryHackMe | Splunk: Basics
In this post, I’ll explore Splunk with TryHackMe, a leading SIEM tool, to gain hands-on experience with its key capabilities. This room provides an overview of Splunk’s core components like forwarders, indexers, and search heads and how they work together for log collection and analysis. It also covers fundamental Splunk concepts like ingesting sample VPN…
-
TryHackMe | ItsyBitsy
In this write-up, I’ll utilize the ELK stack knowledge I obtained from the previous room to investigate a potential malware infection. By going through a mock incident, utilizing real-world data sources such as proxy logs, I will gain hands-on practice in core techniques like event correlation, pivoting to an an IP address to find other…
-
TryHackMe | Investigating with ELK 101
This writeup explores the use of the ELK Stack for investigating logs and identifying unusual patterns. The Elastic Stack, comprising Elasticsearch, Logstash, Kibana, and Beats, facilitates the aggregation, processing, analysis, and visualization of data. The focal point is Kibana, which empowers analysts to interactively search, filter, and visualize data stored in Elasticsearch indices. Key topics…
-
TryHackMe | Introduction to SIEM
This my write-up for TryHackMe‘s Introduction to SIEM, which provides an overview of what SIEM is, its significance, and how it works. I will explore fundamental concepts such as network visibility, log sources, and the analysis of logs and alerts. My objective is to understand how SIEM protects networks and data, offering improved visibility, faster threat…
-
Sysmon | TryHackMe
This is my write-up on TryHackMe’s Sysmon room. Task 1: Introduction It is highly recommended that the Windows Event Log room be completed before attempting this room, as the foundational knowledge on windows events will help us navigate this room. In addition, we will be utilizing the tools we learned in the room. Moving on,…
-
Windows Event Logs | TryHackMe
This is my write-up on THM’s Windows Event Logs Room. Task 1: What are event logs? Event logs essentially contain the records of events or activities that have transpired in a machine or host, that would help system administrators, IT technicians, etc, audit and trouble shoot issues in the system. But for blue teams, windows…
-
Preventing Attacks with Snort
Snort Challenge – Live Attacks | TryHackMe Task 1: Introduction So far, we have been only detecting alerts with the rules that we have created. In this room, we are going to stop malicious activities from exploiting a host. If you have not completed the other Snort rooms, it is highly suggested that you complete…
-
Snort Challenge — The Basics : TryHackMe
Put your snort skills into practice and write snort rules to analyse live capture network traffic. Task 1: Introduction The room invites you a challenge to investigate a series of traffic data and stop malicious activity under two different scenarios. Let’s start working with Snort to analyse live and captured traffic. We recommend completing the…
-
Snort | TryHackMe
SNORT is an open-source, rule-based Network Intrusion Detection and Prevention System (NIDS/NIPS). It was developed and still maintained by Martin Roesch, open-source contributors, and the Cisco Talos team. The official description: “Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious…
-
TryHackMe | NetworkMiner
Learn how to use NetworkMiner to analyse recorded traffic files and practice network forensics activities. NetworkMiner is an open-source traffic sniffer, pcap handler and protocol analyser. Developed and still maintained by Netresec. The official description; “NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS…
Igor_sec's Blog 