Analyzing Attacker Recon to Malware Installation - TryHackMe Incident Handling with Splunk (Part 1)
April 1, 2024, noon | CYBERWOX
Day Cyberwox www.youtube.com
Room: https://tryhackme.com/room/splunk201
TIMESTAMPS:
00:00 Intro
00:40 Scenario
01:25 Splunk
01:43 Orienting Ourselves With The Data
04:28 Investigating Reconnaissance
13:02 The Suricata Alert
13:47 The Content Management System (CMS)
14:22 The Web Scanner
14:53 The Compromised Server
15:41 Investigating Exploitation
26:52 Extracting Credentials using Regex
28:34 Understanding The Regex
31:20 The User Agent
33:09 The URI
33:20 The Username
34:05 The Password
34:47 Unique Passwords
35:06 Splunk Uniq Command?
36:15 Dedup!
36:46 The Bruteforcing IP
37:04 …