Categories: Detection, SIEM

Process Injection Detection with Sysmon

In this article, we will explain what the process injection technique is and how it can be detected with Sysmon. What is process injection? Put simply, process injection is a process running code in the address space of another process. Attackers and malware often make use of this technique. Thanks…

Categories: Detection, SIEM

How to Create an Incident Response Plan

What is incident response? Incident response is an approach to managing the handling of a security incident. An incident response plan is needed to approach security incidents systematically. A successful incident response plan includes the following 6 stages: 1. Preparation, 2. Identification, 3. Scope, 4. Eradication, 5. Recovery, 6. Lessons Learned. If you want to practice event…

Categories: Detection, Malware

29 Addresses to Analyze Malware Faster

We constantly spend time analyzing malware. We have listed 29 addresses that can help blue team members use their time more effectively: Anlyz, Any.run, Comodo Valkyrie, Cuckoo, Hybrid Analysis, Intezer Analyze, SecondWrite Malware Deepview, Jevereg, IObit Cloud, BinaryGuard, BitBlaze, SandDroid, Joe Sandbox, AMAaaS, IRIS-H, Gatewatcher Intelligence, Hatching Triage, InQuest Labs, Manalyzer, SandBlast Analysis…

Categories: Detection, Malware

Which Approach Should You Choose When Analyzing Malware?

If you work in the defensive field, analyzing malware becomes part of your job. In this article, we will discuss which approaches you can use to analyze malware and the advantages and disadvantages of each approach compared to the other. There are 2 different approaches to analyzing malware: static analysis and dynamic analysis. What is static analysis? It…

Categories: SIEM

How to Collect Logs for SIEM

Log Collection. This article gives a basic explanation of log collection for SIEM. A basic log contains a time, a source system and a message. For example, when we look at the content of the “/var/log/auth.log” file on an Ubuntu server, we can see the source, time and message information. Logs are generally collected in the following 2…

Categories: Detection

Resources for Getting Started as a Cyber Security Analyst

We see that the need for SOC analysts is constantly increasing in the growing defensive security industry. The general skills a successful security analyst should have are as follows: NetFlow analysis, threat intelligence, log analysis, network monitoring, network security. We’ve gathered free and paid resources that you can use to improve these skills. If there…

Categories: SIEM

Build Your Own Simple Data Collection Tool for Endpoints

After a cyber incident, data must be collected to investigate and preserve evidence. Collecting data is a sensitive process: it should neither crash the target nor corrupt data. Therefore, we need to make minimal changes on the target system while collecting data. It is necessary to automate the collection process to avoid situations like data…

Categories: Attacking, Detection

Attacking SIEM with Fake Logs

To ensure the cyber security of an organization, the logs of the systems it owns must be collected and analyzed, and this must be repeated continuously. To keep the process continuous, monitoring systems can be installed. Following what is happening inside the organization reduces the attack surface available to attackers. But it…

Categories: Writeup

WriteUp SOC101 – Phishing Mail Detected – EventID 8

First of all, I take a look at the alarms on the Monitoring page and choose one to review. I selected the “Phishing mail detected” alarm and pressed the “+” button to view the details. As seen in the device action section, the mail has reached the end user. I’m starting to investigate by forwarding…