Investigate Attack Patterns using SIEM, Sysmon Utility and MITRE ATT&CK
-
Updated
Aug 30, 2023
Investigate Attack Patterns using SIEM, Sysmon Utility and MITRE ATT&CK
When conducting an investigation on a Windows machine there are 8 phase to go through, today we’ll discuss the first ‘Collecting Volatile Information’, and the rest will be explained in future topics
Useful Wire shark command for threat hunting
Starting your first threat hunting
DNS Incident Response
Make CA root server and Certificate for web Server with openssl Script.
making a Tunnel between two VPS that one of which is in Iran and another VPS occur on a foreign country and send the traffics to a foreign data center and use free internet. with this bash script, you can make a tunnel between two servers
make valid SSL with acme
Adversaries commonly abuse the Local Security Authority Subsystem Service (LSASS) to dump credentials for privilege escalation, data theft, and lateral movement. The process is a fruitful target for adversaries because of the sheer amount of sensitive information it stores in memory.
13 Essential Things to Know about PowerShell Download Cradles
All About Me.
The Elastic stack (ELK) powered by Docker and Compose.
Active Directory Auditing Best Practices
Apache2 Modsecurity
Windows Event Log Analysis & Incident Response Guide
Add a description, image, and links to the cyberred topic page so that developers can more easily learn about it.
To associate your repository with the cyberred topic, visit your repo's landing page and select "manage topics."