Author: Admin

Categories
Detection

Introduction to Event Log Analysis

During an investigation, Event Logs are examined because they provide a comprehensive record of activity. The “Event Viewer” tool can be used to examine the logs directly. It is often possible to obtain the following evidence with event log analysis: service start and stop, RDP activity, changes to user privileges, and failed login activities. These actions

Categories
Detection Malware

How Hackers Create Bitcoin Mining Network?

In this article, we will talk about hackers who set up a Bitcoin mining network. We created a fake e-commerce website in hopes of seeing an interesting situation. Then we wrote a C# application that would e-mail me the applications, processes and software installed on the device when it is

Categories
SIEM

Zero Trust, The Model We Need

With the pandemic period, the importance of carrying out daily work over the Internet has increased, and money now flows through virtual systems. Seeing this situation as an opportunity, cyber threat actors are constantly carrying out cyber attacks that are more complex, harder to detect and result in large financial and reputational losses. We are getting the

Categories
Attacking Detection

How to Build Your Own Cybersecurity Test Lab?

There are 3 main requirements for creating a cyber security lab environment: a test environment, attack simulation, and detection tools. In this article, we have listed free tools and resources that you can use to create your own lab environment. Additionally, if you are looking for a blue team online lab, you can visit letsdefend.io

Categories
Detection SIEM

How to Create Alert for SIEM?

We have collected, processed and stored logs up to this point. Now we need to detect abnormal behavior using the data we have and generate alerts. If you have not read the earlier posts, you can check them: “How to Collect Log for SIEM?” and “SIEM Log Aggregation and Parsing”. You can find some alerts and try

Categories
SIEM

SIEM Log Aggregation and Parsing

The first place the generated logs are sent is the log aggregator. We can edit the logs arriving here before sending them on to their destination. For example, if we only want the status codes from web server logs, we can filter the incoming logs and send only the desired parts to

Categories
Detection SIEM

Process Injection Detection with Sysmon

In this article, we will explain what the process injection technique is and how it can be detected with Sysmon. What is Process Injection? Put simply, a process running code in the address space of another process is called process injection. Attackers and malware often make use of the “Process Injection” technique. Thanks

Categories
Detection SIEM

How to Create Incident Response Plan?

What is incident response? Incident response is an approach to managing the process around a security incident. An incident response plan is needed to approach security incidents systematically. A successful incident response plan includes the following 6 stages: 1- Preparation, 2- Identification, 3- Scope, 4- Eradication, 5- Recovery, 6- Lessons Learned. If you want to practice about

Categories
Detection Malware

29 Addresses to Analyze Malware Faster

We constantly spend time analyzing malware. We have listed 29 addresses that can help blue team members use their time more effectively: Anlyz, Any.run, Comodo Valkyrie, Cuckoo, Hybrid Analysis, Intezer Analyze, SecondWrite Malware Deepview, Jevereg, IObit Cloud, BinaryGuard, BitBlaze, SandDroid, Joe Sandbox, AMAaaS, IRIS-H, Gatewatcher Intelligence, Hatching Triage, InQuest Labs, Manalyzer, SandBlast Analysis

Categories
Detection Malware

Which Approach Should You Choose When Analyzing Malware?

If you work in the defensive field, analyzing malware becomes part of your job. In this article, we will discuss the approaches you can use to analyze malware and their advantages and disadvantages relative to each other. There are 2 different approaches to analyzing malware: static analysis and dynamic analysis. What is Static Analysis? It