In this lab, I designed and implemented a virtual environment leveraging Microsoft Azure to simulate a basic Security Information and Event Management (SIEM) & Security Orchestration, Automation, and Response (SOAR) system, using Microsoft Sentinel. Key components of the lab include: Azure For this lab, we will set up a basic home SOC in Azure from […]
Microsoft Sentinel SIEM & SOAR Lab Read More »
Malicious document files are really popular nowadays. Typically, attackers use these files to infiltrate and compromise endpoints and networks. Threat actors have taken advantage of documents by using macros to conduct malicious practices. In this post, we will discuss and analyze malicious documents and uncover hidden indicators of compromise (IOCs). Table of Content What’s a
Malicious Document Analysis Read More »
In this post, we will walk-through the PS Eclipse room on TryHackMe. This room covers investigating a ransomware activity on a compromised machine. We will go over what exactly is a ransomware for anyone that may not be familiar with the term. A Ransomware is a type of malware (malicious software) that encrypts files and
BlackSun Ransomware Investigation with Splunk (PS Eclipse Tryhackme) Read More »
In this post, we will investigate a ransomware incident with a popular SIEM tool, Splunk. Splunk is a cybersecurity technology that provides a single, streamlined view of your data, insight into security activities, and operational capabilities so you can stay ahead of cyber threats. This enables organizations and security teams to detect, analyze, and respond
Conti Ransomware Investigation with Splunk Read More »
