Malicious document files are really popular nowadays. Typically, attackers use these files to infiltrate and compromise endpoints and networks. Threat actors have taken advantage of documents by using macros to conduct malicious practices. In this post, we will discuss and analyze malicious documents and uncover hidden indicators of compromise (IOCs). Table of Content What’s a …
In this post, we will walk-through the PS Eclipse room on TryHackMe. This room covers investigating a ransomware activity on a compromised machine. We will go over what exactly is a ransomware for anyone that may not be familiar with the term. A Ransomware is a type of malware (malicious software) that encrypts files and …
BlackSun Ransomware Investigation with Splunk (PS Eclipse Tryhackme) Read More »
In this post, we will investigate a ransomware incident with a popular SIEM tool, Splunk. Splunk is a cybersecurity technology that provides a single, streamlined view of your data, insight into security activities, and operational capabilities so you can stay ahead of cyber threats. This enables organizations and security teams to detect, analyze, and respond …
In this blog, we will discuss emails and a prominent cyber attack known as phishing. We will analyze an email to determine whether it was a phishing attempt. Tools used include PowerShell, HashCalc, Mozilla Thunderbird, VirusTotal and AbuseIPDB. What is Phishing Phishing is one of the biggest threats businesses face today. 36% of all data …
In this post, we will work on a TryHackMe challenge that focuses on malicious network traffic analysis. We will use Wireshark to investigate a PCAP network file to ascertain certain information that will help address an incident. Wireshark Wireshark is a widely used, open source network analyzer that can capture and display real-time details of …
This TryHackMe room is based on a Windows machine, in which we need to leverage common misconfiguration. A penetration test is the best way to verify that defenses and security processes are working correctly and if not, which is often the case, remediate them before it is too late. In this post, we will exploit …
Welcome back guys,In this article, we will explore how to set up a SIEM (Security Information and Event Management) lab environment where we will extract various log data and send it to our deployed SIEM for further analysis. This lab walks through the process of configuring, optimizing, and securing an IT infrastructure. This emulates a …
In my last post, we covered building an active directory lab using VMWare; this will be sort of a continuation. We will discuss PowerShell a little and use some scripts to execute tasks. Content What is PowerShell How to Create an AD User in PowerShell How to Create Multiple Users How to Create Multiple Users …
A Homelab is an environment in your home used to practice and improve your skills in a specific field. This home lab has components and tools similar to large-scale infrastructures. It’s a safe environment to work with these components and learn how they work. This post will briefly walk through how I set up my …
A Basic Home Lab Running Active Directory And Microsoft 365 Read More »
In my last post, I had covered the topic of troubleshooting and a little on the importance of troubleshooting, and we discussed built-in tools used to troubleshoot problems in Windows Systems. In this post, we are going to give some attention to the networking side of things. Networking plays a significant role in the world …
