Category: SIEM

Categories
Attacking Cyber Security Detection Incident Response SIEM

Exploitation & Analysis of Apache OFBiz Zero-Day Vulnerabilities: CVE-2023-49070 & CVE-2023-51467

A Red & Blue Team Perspective on Remote Code Execution (RCE) Analysis

In this blog article, we discuss CVE-2023-51467, a zero-day vulnerability in Apache OFBiz that bypasses authentication and leads to SSRF. This vulnerability arises from an incomplete patch for CVE-2023-49070, a pre-authenticated RCE flaw. As you read you will also learn: Vulnerability: CVE-2023-49070 &
Read More

Categories
SIEM

LetsDefend Giveaway Results – 19 October 2023

We’re thrilled to announce the winners of our exciting Kahoot event! LetsDefend is all about coming together to learn and have fun, and this giveaway was no exception. We received an overwhelming response, and we appreciate all of you for participating and making this event a success. After a random selection process, we are proud
Read More

Categories
SIEM

Zero Trust, The Model We Need

During the pandemic, carrying out daily work over the Internet became far more important, and money now flows through virtual systems. Treating this situation as an opportunity, cyber threat actors constantly carry out cyber attacks that are more complex, harder to detect and result in large financial and reputational losses. We are getting the
Read More

Categories
Detection SIEM

Process Injection Detection with Sysmon

In this article, we will explain what the process injection technique is and how it can be detected with Sysmon. What is Process Injection? To put it simply, process injection is when one process runs code in the address space of another process. Attackers and malware often make use of the “Process Injection” technique. Thanks
Read More
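As an added example (not code from the original article), the detection logic below parses the two Sysmon event types that process injection typically produces, Event ID 8 (CreateRemoteThread) and Event ID 10 (ProcessAccess), and flags the patterns a practitioner hunts for: a remote thread that starts in LoadLibrary or at an address not backed by any module, and a process handle granted the PROCESS_VM_OPERATION, PROCESS_VM_WRITE and PROCESS_CREATE_THREAD rights needed to write code into another process and run it. The sample events and the allowlist are constructed for this example; the rules go beyond the excerpt in covering both event types.

```python
import xml.etree.ElementTree as ET

# Process access rights from winnt.h; Sysmon reports them in the GrantedAccess mask.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
# Writing code into another process and starting it needs all three bits (0x2A).
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Hypothetical allowlist: images that open other processes with these rights by design.
ALLOWLIST = {r"c:\windows\system32\csrss.exe"}

# Sysmon renders events in the Windows event schema namespace.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def parse_sysmon_event(xml_text):
    """Return (EventID, {Data Name: value}) from one Sysmon event rendered as XML."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    fields = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, fields


def analyze(event_id, f):
    """Return an alert string for injection-like behaviour, or None."""
    src = f.get("SourceImage", "").lower()
    tgt = f.get("TargetImage", "").lower()
    # A process touching itself or an allowlisted source is not injection for our purposes.
    if not src or src == tgt or src in ALLOWLIST:
        return None
    if event_id == 8:  # CreateRemoteThread: a thread started inside another process
        func = f.get("StartFunction", "")
        module = f.get("StartModule", "")
        if func.startswith("LoadLibrary"):
            return f"EID8 DLL injection: {src} started {func} in {tgt}"
        if module in ("", "-"):  # start address not backed by a loaded module
            return f"EID8 remote thread at unbacked address {f.get('StartAddress')}: {src} -> {tgt}"
    elif event_id == 10:  # ProcessAccess: a handle to another process was opened
        mask = int(f.get("GrantedAccess", "0x0"), 16)
        if mask & INJECT_MASK == INJECT_MASK:
            return f"EID10 write+thread access 0x{mask:X}: {src} -> {tgt}"
    return None


def scan(events):
    """Parse a list of XML events and return the alerts they produce, in order."""
    return [a for a in (analyze(*parse_sysmon_event(e)) for e in events) if a]


# Constructed sample events (not real telemetry), trimmed to the fields the rules use.
SAMPLE_EVENTS = [
    # 1. Classic DLL injection: a temp-dir binary starts LoadLibraryA inside explorer.exe.
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>8</EventID></System>
  <EventData>
    <Data Name="SourceImage">C:\Users\bob\AppData\Local\Temp\update.exe</Data>
    <Data Name="TargetImage">C:\Windows\explorer.exe</Data>
    <Data Name="StartAddress">0x00007FFB1A2C3D40</Data>
    <Data Name="StartModule">C:\Windows\System32\KERNEL32.DLL</Data>
    <Data Name="StartFunction">LoadLibraryA</Data>
  </EventData>
</Event>""",
    # 2. Benign: a handle with only PROCESS_QUERY_LIMITED_INFORMATION (0x1000).
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>10</EventID></System>
  <EventData>
    <Data Name="SourceImage">C:\Program Files\Backup\agent.exe</Data>
    <Data Name="TargetImage">C:\Windows\System32\lsass.exe</Data>
    <Data Name="GrantedAccess">0x1000</Data>
  </EventData>
</Event>""",
    # 3. Suspicious: the same temp binary opens lsass.exe with full access (0x1F0FFF).
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>10</EventID></System>
  <EventData>
    <Data Name="SourceImage">C:\Users\bob\AppData\Local\Temp\update.exe</Data>
    <Data Name="TargetImage">C:\Windows\System32\lsass.exe</Data>
    <Data Name="GrantedAccess">0x1F0FFF</Data>
  </EventData>
</Event>""",
    # 4. Allowlisted source (csrss.exe) with full access: suppressed.
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>10</EventID></System>
  <EventData>
    <Data Name="SourceImage">C:\Windows\System32\csrss.exe</Data>
    <Data Name="TargetImage">C:\Windows\explorer.exe</Data>
    <Data Name="GrantedAccess">0x1FFFFF</Data>
  </EventData>
</Event>""",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Tune the allowlist to the environment: security products, debuggers and some installers legitimately hold these rights, and Event ID 10 is noisy unless the Sysmon configuration restricts which TargetImage values are logged.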

Categories
Detection SIEM

How to Create Incident Response Plan?

What is incident response? Incident response is an approach to managing the handling of a security incident. An incident response plan is needed to approach security incidents systematically. A successful incident response plan includes the following 6 stages:
1- Preparation
2- Identification
3- Scope
4- Eradication
5- Recovery
6- Lessons Learned
If you want to practice event
Read More

Categories
SIEM

How to Collect Log for SIEM?

Log Collection

This article explains the basics of log collection for SIEM. A basic log entry contains a time, the source system and a message. For example, when we look at the content of the “/var/log/auth.log” file on an Ubuntu server, we can see the source, time and message information. Logs are generally collected in the following 2
Read More
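The excerpt names the three pieces a basic log carries (time, source system, message) with /var/log/auth.log as the example. The parser below, an added example rather than the article's own code, splits auth.log lines into those fields and normalizes them into records a SIEM can index; it also tags failed and accepted SSH logins so the same records can feed a simple detection. The sample lines and the hostname are constructed; the year and the UTC zone are assumptions, because the traditional syslog timestamp carries neither and the collector has to supply them.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Traditional syslog line as rsyslog writes it to /var/log/auth.log:
# "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
# sshd message shapes worth tagging for detection.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED_RE = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")


def parse_auth_line(line, year):
    """Split one auth.log line into time, source system and message fields."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # not syslog-formatted; the caller should count and forward it raw
    # The syslog timestamp has no year and no zone: both are supplied by the collector
    # (UTC is assumed here; use the host's real zone in production).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    event = {
        "timestamp": ts.isoformat(),
        "source": m["host"],
        "program": m["prog"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
        "action": None,
        "user": None,
        "src_ip": None,
    }
    if f := FAILED_RE.search(m["msg"]):
        event.update(action="failed_login", user=f["user"], src_ip=f["ip"])
    elif a := ACCEPTED_RE.search(m["msg"]):
        event.update(action="accepted_login", user=a["user"], src_ip=a["ip"])
    return event


def parse_auth_log(lines, year):
    """Parse every syslog-formatted line, dropping lines that do not match."""
    return [e for e in (parse_auth_line(line, year) for line in lines) if e]


def failed_logins_by_ip(events):
    """Count failed logins per source IP: the input to a brute-force threshold rule."""
    return Counter(e["src_ip"] for e in events if e["action"] == "failed_login")


# Constructed sample lines (not from a real server); hostname and addresses are made up.
SAMPLE_LINES = [
    "Oct  5 09:14:02 ubuntu-srv sshd[1842]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Oct  5 09:14:05 ubuntu-srv sshd[1842]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2",
    "Oct  5 09:15:11 ubuntu-srv sshd[1850]: Accepted publickey for alice from 198.51.100.20 port 44010 ssh2",
    "Oct  5 09:15:11 ubuntu-srv sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
]

if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_LINES, year=2023)
    for e in events:
        print(e["timestamp"], e["source"], e["program"], e["action"], e["user"], e["src_ip"])
    print(dict(failed_logins_by_ip(events)))
```

Whatever collects these lines should keep the raw message alongside the parsed fields: a regex that fails on an unusual line must not silently drop the event, which is why unparsed lines are returned as None rather than raising.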

Categories
SIEM

Build Your Own Simple Data Collection Tool From Endpoint

After a cyber incident, data must be collected to investigate and to preserve evidence. Collecting data is a sensitive process: it must not crash the target or corrupt data. Therefore, we need to make minimal changes to the target system while collecting data. It is necessary to automate the collection process to avoid situations like data
Read More
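As an added example of the constraints above (not the tool the article builds), the script below captures a fixed set of read-only commands, ordered from most to least volatile, writes each output once to a destination directory and records a SHA-256 for every artifact in a manifest, so later tampering is detectable and the run needs no operator interaction. The command set is a hypothetical Linux list and the destination paths are assumptions; point the destination at external media or a network share rather than the target's own disk so the collection itself overwrites as little as possible.

```python
import hashlib
import json
import os
import platform
import socket
import subprocess
import tempfile
from datetime import datetime, timezone

# Hypothetical volatile-data set for a Linux host, most volatile first (order of volatility).
# Every command only reads state; nothing here modifies the target.
LINUX_COMMANDS = {
    "date": ["date", "-u"],
    "uptime": ["uptime"],
    "processes": ["ps", "-eo", "pid,ppid,user,lstart,cmd"],
    "network_connections": ["ss", "-tunap"],
    "logged_in_users": ["who", "-a"],
    "arp_cache": ["ip", "neigh"],
    "routes": ["ip", "route"],
}


def run_capture(argv, timeout=30):
    """Run one read-only command; return (combined output, exit status) without raising."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
        return proc.stdout + proc.stderr, proc.returncode
    except FileNotFoundError:
        return f"command not found: {argv[0]}\n", 127
    except subprocess.TimeoutExpired:
        return f"timeout after {timeout}s: {' '.join(argv)}\n", 124


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def collect(commands, out_dir):
    """Capture each command into out_dir and write a hashed manifest. Returns the manifest."""
    os.makedirs(out_dir, exist_ok=True)
    manifest = {
        "hostname": socket.gethostname(),
        "platform": platform.platform(),
        "collected_at_utc": datetime.now(timezone.utc).isoformat(),
        "artifacts": {},
    }
    for name, argv in commands.items():
        output, rc = run_capture(argv)
        data = output.encode("utf-8", errors="replace")
        path = os.path.join(out_dir, f"{name}.txt")
        with open(path, "wb") as fh:  # written exactly once, so the recorded hash is final
            fh.write(data)
        manifest["artifacts"][name] = {
            "command": " ".join(argv),
            "return_code": rc,
            "file": os.path.basename(path),
            "size": len(data),
            "sha256": sha256_bytes(data),
        }
    with open(os.path.join(out_dir, "manifest.json"), "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest


def verify(out_dir):
    """Re-hash every artifact against the manifest; returns {name: True/False}."""
    with open(os.path.join(out_dir, "manifest.json")) as fh:
        manifest = json.load(fh)
    results = {}
    for name, meta in manifest["artifacts"].items():
        with open(os.path.join(out_dir, meta["file"]), "rb") as fh:
            results[name] = sha256_bytes(fh.read()) == meta["sha256"]
    return results


def collect_and_verify(commands, out_dir=None):
    """Collect then immediately verify; a fresh temp dir is used when no destination is given."""
    out_dir = out_dir or tempfile.mkdtemp(prefix="evidence-")
    manifest = collect(commands, out_dir)
    return manifest, verify(out_dir)


if __name__ == "__main__":
    import sys
    # Assumed destination: mounted external media, not the target's own disk.
    dest = sys.argv[1] if len(sys.argv) > 1 else "/mnt/evidence/collection"
    manifest, checks = collect_and_verify(LINUX_COMMANDS, dest)
    print(json.dumps({k: v["sha256"][:16] for k, v in manifest["artifacts"].items()}, indent=2))
    print("integrity:", checks)
```

Copy the manifest off the host as soon as the run finishes and hash the manifest itself in the case notes; the tool proves that the artifacts match the manifest, not that the manifest is the one produced at collection time.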