Categories
SIEM

Build Your Own Simple Data Collection Tool From Endpoint

After a cyber incident, data must be collected to investigate and to preserve evidence. Collection is a sensitive process: it must not crash the target or corrupt data. Therefore we need to make minimal changes to the target system while collecting. It is necessary to automate the collection process to avoid situations like data…
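The two requirements above, a small footprint on the target and an automated, repeatable run, are easier to see in code. The following collector is an added example, not the tool from the original post: each artefact comes from a read-only command, output is written to a directory the responder chooses (ideally removable or network storage rather than the target's own disk), and every output file is SHA-256 hashed into a manifest so later corruption or tampering can be detected. The sample commands are portable stand-ins constructed for the example; the real commands and the manifest layout are my assumptions.

```python
"""Minimal-footprint endpoint collector (added example; not the post's own tool).

Assumptions made here, not stated in the post: each artefact is produced by a
read-only command; output goes to a directory the responder chooses (ideally
removable or network storage, never the target's own disk); every output file is
SHA-256 hashed into a manifest so later tampering or corruption can be detected.
"""
import hashlib
import json
import os
import subprocess
import tempfile
import time


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def collect(commands, outdir, timeout=30):
    """Run each read-only command, save its stdout, and return the manifest.

    commands: dict name -> argv list. Order matters on a live host: volatile data
    (processes, connections) first, because every later command changes it.
    """
    os.makedirs(outdir, exist_ok=True)
    manifest = {"started": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
                "artefacts": {}}
    for name, argv in commands.items():
        target = os.path.join(outdir, name + ".txt")
        entry = {"command": argv}
        try:
            proc = subprocess.run(argv, capture_output=True, timeout=timeout)
            with open(target, "wb") as f:
                f.write(proc.stdout)
            entry["returncode"] = proc.returncode
            entry["size"] = os.path.getsize(target)
            entry["sha256"] = sha256_file(target)
        except (OSError, subprocess.TimeoutExpired) as exc:
            # One failing collector must not abort the run: record it, move on.
            entry["error"] = repr(exc)
        manifest["artefacts"][name] = entry
    with open(os.path.join(outdir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def verify(outdir):
    """Re-hash every artefact; return the names whose hash no longer matches."""
    with open(os.path.join(outdir, "manifest.json")) as f:
        manifest = json.load(f)
    bad = []
    for name, entry in manifest["artefacts"].items():
        if "sha256" in entry and sha256_file(os.path.join(outdir, name + ".txt")) != entry["sha256"]:
            bad.append(name)
    return bad


# Constructed, portable stand-ins so the example runs anywhere. On a Linux host
# you would use e.g. ["ps", "-eo", "pid,ppid,user,lstart,cmd"] and ["ss", "-tunap"];
# one deliberately missing tool shows that the run continues and records the error.
SAMPLE_COMMANDS = {
    "processes": ["echo", "pid ppid user cmd"],
    "connections": ["echo", "proto local remote state"],
    "missing_tool": ["this-tool-does-not-exist"],
}


def run_demo():
    """Collect into a temp dir, verify, tamper with one file, verify again."""
    out = tempfile.mkdtemp(prefix="collect-")
    manifest = collect(SAMPLE_COMMANDS, out)
    before = verify(out)
    with open(os.path.join(out, "processes.txt"), "ab") as f:
        f.write(b"tampered\n")
    after = verify(out)
    return {"outdir": out, "manifest": manifest, "before": before, "after": after}


if __name__ == "__main__":
    result = run_demo()
    print(json.dumps(result["manifest"], indent=2))
    print("tampered before:", result["before"], "after:", result["after"])
```

Even a collector like this is not footprint-free: every command it launches loads binaries and shared libraries and changes process and file-access timestamps on the target, so the manifest records the exact command and start time to document what the collection itself touched.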

Categories
Attacking Detection

Attacking SIEM with Fake Logs

To ensure the cyber security of an organization, the logs of the systems it owns must be collected and analyzed, and this must be repeated continuously. To keep the process continuous, monitoring systems can be installed. Knowing what is happening inside the network reduces the attackers' attack surface. But it…

Categories
Writeup

WriteUp SOC101 – Phishing Mail Detected – EventID 8

First of all, I take a look at the alarms on the Monitoring page and choose one to review. I select the “Phishing mail detected” alarm and press the “+” button to view the details. As seen in the device action section, the mail has reached the end user. I start investigating by forwarding…

Categories
Detection Phishing

How to Investigate Phishing Campaigns?

Phishing is a type of attack that generally aims to steal users' personal data by getting them to click malicious links sent via email or to run malicious files on their computers. Phishing attacks correspond to the “Delivery” phase of the Cyber Kill Chain model, which was created to analyze cyber attacks. The delivery stage…
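The delivery artefact of a phishing campaign is the e-mail itself, and its two weapons named above, the malicious link and the malicious attachment, are what an investigation pulls out first. The following triage script is an added example, not code from the original post: it parses an .eml, checks the sender headers for mismatches, walks the Received chain, extracts URLs from the body and hashes attachments. The sample message is constructed for this example (all domains are reserved example names), and the mismatch rules and the attachment extension list are my own choices, not the post's.

```python
"""Phishing e-mail triage (added example; not code from the original post).

The sample message below is constructed; every domain is a reserved example
name. Header-mismatch rules and the "suspicious extension" list are my own.
"""
import email
import hashlib
import re
from email import policy
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
SUSPICIOUS_EXT = (".exe", ".js", ".vbs", ".hta", ".scr", ".lnk", ".iso", ".docm", ".xlsm")


def _addr_domain(value):
    """Return the domain of an address header value, lower-cased, or None."""
    if not value:
        return None
    m = re.search(r"@([A-Za-z0-9.-]+)", str(value))
    return m.group(1).lower().rstrip(".") if m else None


def triage(raw_bytes):
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    from_dom = _addr_domain(msg.get("From"))
    findings = []

    # 1. Sender identity: Return-Path (envelope sender) and Reply-To normally agree
    #    with From; a divergence is a classic phishing indicator.
    for hdr in ("Return-Path", "Reply-To"):
        dom = _addr_domain(msg.get(hdr))
        if dom and from_dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} != From domain {from_dom}")

    # 2. Received chain, top (our MX) to bottom (origin); only the hop written by
    #    our own infrastructure is trustworthy, earlier hops can be forged.
    hops = [re.sub(r"\s+", " ", str(r)).strip() for r in (msg.get_all("Received") or [])]

    # 3. URLs in text/html bodies; flag hosts that are not under the sender domain
    #    (the look-alike "example.com.<something>" trick is caught by this).
    urls = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.update(URL_RE.findall(part.get_content()))
    for host in sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname}):
        if from_dom and host != from_dom and not host.endswith("." + from_dom):
            findings.append(f"link host {host} not under sender domain {from_dom}")

    # 4. Attachments: hash for reputation lookup, flag executable-ish types.
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "<unnamed>"
        attachments.append({"name": name, "content_type": part.get_content_type(),
                            "sha256": hashlib.sha256(data).hexdigest()})
        if name.lower().endswith(SUSPICIOUS_EXT):
            findings.append(f"suspicious attachment type: {name}")

    return {"from_domain": from_dom, "received_hops": hops, "urls": sorted(urls),
            "attachments": attachments, "findings": findings}


# Constructed sample message (not a real campaign): spoofed helpdesk sender,
# foreign Reply-To, look-alike link host and a script attachment.
SAMPLE_EML = b"""\
Return-Path: <bounce@mail-relay.example.net>
Received: from mx.example.com (mx.example.com [192.0.2.10]) by inbox.example.com; Mon, 1 Jan 2024 10:00:00 +0000
Received: from mail-relay.example.net (mail-relay.example.net [198.51.100.7]) by mx.example.com; Mon, 1 Jan 2024 09:59:58 +0000
From: IT Helpdesk <helpdesk@example.com>
Reply-To: helpdesk@example-support.net
To: user@example.com
Subject: Password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires today. Renew at https://example.com.reset-portal.example.net/login
--b1
Content-Type: application/octet-stream; name="invoice.js"
Content-Disposition: attachment; filename="invoice.js"
Content-Transfer-Encoding: base64

YWxlcnQoMSk7
--b1--
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EML).items():
        print(key, "=", value)
```

The attachment hash and the extracted URLs are what you feed to reputation sources next; the Received hops give you the origin IP to pivot on across the mail gateway logs when you scope how many users received the same campaign.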

Categories
Detection Python

Reputation Based Detection with Python

The purpose of reputation-based detection systems is to detect low-reputation behaviour (opening a low-reputation file, requesting a low-reputation IP address). With such a system, a request to a low-reputation IP address from within the network is flagged as suspicious. I will show the basics of how to create a reputation-based detection system. I'll use 3rd party resources for…
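The core of such a system is small: a lookup structure built from the reputation feed, and a loop over connection records that alerts when the destination scores below a threshold. The block below is an added example, not the code from the original post: where the post uses 3rd-party resources, this version uses a constructed local feed (single IPs and CIDR ranges with a 0..100 score, lower is worse) and constructed connection log lines so that it runs offline. The feed format, the log format and the threshold are my assumptions.

```python
"""Reputation-based detection of outbound connections (added example; not the post's code).

The post uses 3rd-party reputation sources; to run offline this example uses a
constructed local feed and constructed connection log lines. Feed format, log
format and threshold are my assumptions for the example.
"""
import ipaddress

# Constructed feed: indicator -> (score 0..100, source); lower is worse. A real
# feed would be fetched from the provider on a schedule and cached locally.
SAMPLE_FEED = {
    "198.51.100.23": (5, "constructed-feed-A"),
    "203.0.113.0/24": (20, "constructed-feed-B"),
    "192.0.2.77": (60, "constructed-feed-A"),
}

# Constructed connection log: "timestamp src_ip dst_ip dst_port", one malformed line.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.15 198.51.100.23 443
2024-01-01T10:00:02Z 10.0.0.15 93.184.216.34 443
2024-01-01T10:00:03Z 10.0.0.22 203.0.113.200 8080
2024-01-01T10:00:04Z 10.0.0.22 192.0.2.77 80
2024-01-01T10:00:05Z 10.0.0.9 10.0.0.1 53
bad line here
"""

# Never look up internal addresses: feeds do not cover them, and sending them to
# a 3rd-party service leaks internal topology. Listed explicitly rather than via
# ipaddress's is_private, which also treats the documentation ranges used in the
# sample data (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


class ReputationDB:
    def __init__(self, feed):
        self.exact = {}
        self.ranges = []
        for indicator, (score, source) in feed.items():
            net = ipaddress.ip_network(indicator, strict=False)
            if net.num_addresses == 1:
                self.exact[net.network_address] = (score, source)
            else:
                self.ranges.append((net, score, source))

    def lookup(self, ip):
        """Return (score, source) or None. An exact entry wins over a range entry;
        the lowest score wins if several ranges contain the address."""
        if ip in self.exact:
            return self.exact[ip]
        hits = [(score, source) for net, score, source in self.ranges if ip in net]
        return min(hits) if hits else None


def parse_line(line):
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return {"ts": parts[0], "src": ipaddress.ip_address(parts[1]),
                "dst": ipaddress.ip_address(parts[2]), "port": int(parts[3])}
    except ValueError:
        return None


def detect(log_text, db, threshold=30):
    """Return one alert per connection whose destination scores below threshold."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or any(rec["dst"] in net for net in INTERNAL_NETS):
            continue
        hit = db.lookup(rec["dst"])
        if hit and hit[0] < threshold:
            alerts.append({"ts": rec["ts"], "src": str(rec["src"]), "dst": str(rec["dst"]),
                           "port": rec["port"], "score": hit[0], "source": hit[1]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, ReputationDB(SAMPLE_FEED)):
        print(alert)
```

Two choices here matter in production: the threshold is per-source (feeds score differently, so normalise before comparing), and the lookup is done against a local copy of the feed rather than a live query per connection, both for speed and so that the reputation provider does not learn your traffic pattern.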