Category: Detection

Categories
Cyber Security Detection SOC Analyst

Network Forensics: Log Sources

The network is a path to target systems for attackers. This path is divided into 2 sections: Paths inside the organization and the interface that faces outside the organization. Network connections between the devices facing the external interface of the institution and network connections of the devices within the institution are critical for attack detectionRead More

Categories
Cyber Security Detection SOC Analyst

Log Sources for Digital Forensics: Windows and Linux

SOC analysts obtain information on operating systems and analyze these logs in order to detect an attack and reveal the details about the attack. In this article, we will discuss which operating systems are encountered by SOC analysts and the logs that can be examined through these systems. Operating System Fundamentals for the Analyst WhenRead More

Categories
Detection Malware

How to Analyze RTF Template Injection Attacks

Proofpoint security researchers state that cyber attack groups have adopted a new technique called “RTF Template Injection” and reported that this technique has a low detection rate. It is also included in the report that phishing attacks were carried out on many institutions with the help of RTF Template Injection technique in 2021 by cyberRead More

Categories
Attacking Detection News

How to Create Home Lab for Log4j Exploit

Log4j RCE vulnerability is a popular vulnerability that everyone has probably heard of recently. For those wondering how the exploit of this vulnerability works and for those who want to test in a home environment, we will show you how to quickly set up a vulnerable lab for blue team members. Not much technical detailsRead More

Categories
Detection News

New Incident Responder Plan

In 2021 Cyber Monday, we will implement our Incident Responder module, where security analysts can add the necessary technical and practical knowledge to guide the steps towards becoming an incident responder, and where incident responders can improve themselves and sharpen their skills on current threats. We understand better that there is no 100% security byRead More

Categories
Detection

Introduction to Event Log Analysis

Introduction to Event Log Event Log During an investigation, Event Logs are tracked because they have a comprehensive form of activities. The “Event Viewer” tool can be used to simply examine the logs. It is often possible to obtain the following evidence with event log analysis:-Service start, stop-RDP activity-Changing user privileges-Failed login activities These actionsRead More

Categories
Detection Malware

How Hackers Create Bitcoin Mining Network?

In this article, we will talk about the hackers who set up a Bitcoin mining network. We created a fake e-commerce website in hopes of seeing an interesting situation. Then,  we wrote a C # application that will send me the applications, processes and software installed on the device as an e-mail, when it isRead More

Categories
Attacking Detection

How to Build Your Own Cybersecurity Test Lab?

There are 3 main requirements to create a cyber security lab environment. These are: Test environment Attack simulation Detection tools In this article, we have listed free tools / resources that you can use to create your own lab environment. Additionally, if you are looking for a blue team online lab, you can visit letsdefend.ioRead More

Categories
Detection SIEM

How to Create Alert for SIEM?

We have collected, processed and stored logs up to this point. Now, we need to detect abnormal behavior using the data we have and generate alerts. If you did not read old posts, you can check it: How to Collect Log for SIEM? SIEM Log Aggregation and Parsing You can find some alerts and tryRead More

Categories
Detection SIEM

Process Injection Detection with Sysmon

In this article, we will explain what the process injection technique is and how it can be detected with Sysmon. What is Process Injection? To put it simply, a process running code in the address space of another process is called process injection. Attackers and malware often make use of the “Process Injection” technique. ThanksRead More