Splunk Use Cases (Part 4)

31- Create Remote Thread into LSASS: Actors may create a remote thread into the LSASS process as part of a workflow to dump credentials. `sysmon` EventID=8 TargetImage=*lsass.exe | stats count...

Splunk Use Cases (Part 3)

21- Attempt To Add Certificate To Untrusted Store: Adversaries may add their own root certificate to the certificate store, to cause the web browser to trust that certificate and not...

Live Cyber Forensics Analysis with Computer Volatile Memory

The field of computer forensics analysis involves identifying, extracting, documenting, and preserving information that is stored or transmitted in electronic or magnetic form (that is, digital evidence). Forensics...

Splunk Use Cases (Part 2)

11- Basic TOR Traffic Detection: Use firewall data to find TOR traffic on your network. index=network sourcetype=firewall_data app=tor src_ip=* | table _time src_ip src_port dest_ip dest_port bytes app
12- Measuring Storage I/O...

Splunk Use Cases (Part 1)

1- Windows Audit Log Tampering: Check for any tampering done to Windows audit logs. index=__your_sysmon_index__ (sourcetype=wineventlog AND (EventCode=1102 OR EventCode=1100)) OR (sourcetype=wineventlog AND EventCode=104) | stats count by _time EventCode Message...
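The two Splunk searches quoted in the Part 4 and Part 1 teasers (remote thread into LSASS, and audit log clearing) expressed as plain Python over a handful of constructed events, so the matching logic can be read and exercised without a Splunk instance. This is an added example and not code from the original posts; the sample events, host names and paths are made up, and the field names (`sourcetype`, `EventCode`, `SourceImage`, `TargetImage`, `host`) are assumed to follow the usual Sysmon and Windows event log add-on conventions. The `allowlist` parameter is the one tuning knob a practitioner will need immediately: EDR and antivirus agents legitimately open threads in lsass.exe and will otherwise flood this detection.

```python
"""Added example: two of the Splunk detections above, reimplemented in Python
over constructed sample events. Not code from the original posts."""
import fnmatch
import re
from collections import Counter

# Constructed sample events in key=value form. Quoted values may contain spaces.
# Sysmon EventCode 8 is CreateRemoteThread; Windows event IDs 1102/1100/104 relate
# to the Security log being cleared, the event log service stopping, and the
# System log being cleared respectively. Hosts and paths are invented.
SAMPLE_EVENTS = r"""
sourcetype=sysmon EventCode=8 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe host=WS01
sourcetype=sysmon EventCode=8 SourceImage=C:\Users\bob\AppData\Local\Temp\dump.exe TargetImage=C:\Windows\System32\lsass.exe host=WS01
sourcetype=sysmon EventCode=8 SourceImage=C:\App\app.exe TargetImage=C:\App\helper.exe host=WS02
sourcetype=sysmon EventCode=1 Image=C:\Windows\System32\lsass.exe host=WS01
sourcetype=wineventlog EventCode=1102 Message="The audit log was cleared." host=WS01
sourcetype=wineventlog EventCode=104 Message="The System log file was cleared." host=WS02
sourcetype=wineventlog EventCode=4624 Message="An account was successfully logged on." host=WS03
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(text):
    """Turn key=value lines into a list of dicts, stripping quotes from values."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        events.append({k: v.strip('"') for k, v in KV_RE.findall(line)})
    return events


def lsass_remote_threads(events, allowlist=()):
    """Mirror of: `sysmon` EventID=8 TargetImage=*lsass.exe | stats count by host SourceImage

    Splunk wildcard matching on field values is case-insensitive, so both sides are
    lower-cased before the glob compare. `allowlist` holds SourceImage paths you have
    verified as benign on your own estate (typically EDR/AV agents); it is empty by default.
    """
    allowed = {a.lower() for a in allowlist}
    hits = Counter()
    for e in events:
        if e.get("sourcetype") != "sysmon" or e.get("EventCode") != "8":
            continue
        if not fnmatch.fnmatchcase(e.get("TargetImage", "").lower(), "*lsass.exe"):
            continue
        src = e.get("SourceImage", "")
        if src.lower() in allowed:
            continue
        hits[(e.get("host"), src)] += 1
    return hits


def audit_log_tampering(events):
    """Mirror of: (sourcetype=wineventlog AND (EventCode=1102 OR EventCode=1100))
    OR (sourcetype=wineventlog AND EventCode=104) | stats count by EventCode
    """
    hits = Counter()
    for e in events:
        if e.get("sourcetype") == "wineventlog" and e.get("EventCode") in {"1102", "1100", "104"}:
            hits[e["EventCode"]] += 1
    return hits


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for (host, src), n in lsass_remote_threads(evts).items():
        print(f"LSASS remote thread: host={host} source={src} count={n}")
    for code, n in audit_log_tampering(evts).items():
        print(f"Audit log tampering: EventCode={code} count={n}")
```

Run as-is it reports two LSASS hits on WS01 (svchost.exe and the temp-directory dump.exe) and one clearing event each for 1102 and 104; passing the svchost path in `allowlist` leaves only the dump.exe hit, which is the kind of result you would actually page on. The same allowlist-by-SourceImage idea translates back into SPL as a `NOT SourceImage IN (...)` clause or a lookup.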

Intrusion Prevention System (IPS) In-depth Analysis – A Detailed Guide

Like an intrusion detection system (IDS), an intrusion prevention system (IPS) inspects network traffic. An IPS is a system that monitors a network for malicious...

Configuring the MariaDB Audit Logs for Database Security

There are different ways to keep your data safe. Practices such as controlling database access, hardening the configuration, keeping the server patched, and more are all part of database security. MariaDB...