Logo

Testlab

  • Security information and event management tools
  • Threat intelligence tools
  • Threat hunting tools
  • Vulnerability management tools

Notes

  • Introduction
    • What?
    • Why?
    • How?
  • Incident prevention
    • Risk assessments
    • Host security
    • Network security
    • Malware prevention
    • User awareness training
  • Threat intelligence lifecycle
    • Direction
    • Collection
    • Processing
    • Analysis
    • Dissemination
    • Feedback
  • Pyramid of pain
    • Hash Values
    • IP Addresses
    • Domain Names
    • Network & Host Artifacts
    • Tools
    • Tactics, Techniques & Procedures
    • Resources
  • Cyber kill chain
    • Reconnaissance
    • Weaponisation
    • Delivery
    • Exploitation
    • Installation
    • Command & Control
    • Actions on Objectives
    • Resources
  • MITRE ATT&CK framework
    • Initial access
    • Execution
    • Persistence
    • Privilege escalation
    • Defence evasion
    • Credential access
    • Discovery
    • Lateral movement
    • Collection
    • Exfiltration
    • Impact
    • Resources
  • Unified kill chain
    • Resources
  • Diamond model
    • Adversary
    • Capability
    • Infrastructure
    • Victim
    • Centered approaches
    • Meta features
    • Social political
    • Technology
    • Resources
  • Incident handling (NIST)
    • Preparation
      • Communications
      • Containment strategies
      • Hardware and software
      • Analysis resources
      • Mitigation software
    • Detection and analysis
    • Containment, eradication, and recovery
      • Containment
      • Identifying the attacking hosts
      • Eradication
      • Recovery
    • Post-incident activity
    • Resources
  • Standards of communication
    • TAXII
    • STIX
    • Attack trees
  • SIEM stack
    • Tools and architecture
    • SIEM stack requirements
      • Log ingestion
      • Log analysis
      • Backend storage
      • Visualisation
      • Intelligence enrichment
      • Case management
      • Automate
      • Investigation
      • Health monitoring
    • Testlab
      • Wazuh
    • Testlab
  • Threat hunting
    • Proactive threat hunting
    • Threat hunting steps

Code

  • Developing IPA project SIEM Stack

An investigation with Splunk

  • Introduction
    • What?
    • Why?
    • How?
  • I am really not batman
    • Cyber Kill Chain
  • Reconnaissance phase
    • Questions
  • Exploitation phase
    • Count
    • Questions
    • Extracting username and passwd fields using Regex
    • Questions
  • Installation phase
    • Was this file executed on the server after being uploaded?
    • Questions
  • Action on objectives
    • Questions
  • Command and control phase
    • Questions
  • Weaponisation phase
    • Tools used
    • Questions
  • Delivery phase
    • OSINT sites
    • Questions

TryHackMe rooms

  • Introduction
    • What?
    • Why?
    • How?
  • VPN logs
  • ItsyBitsy
    • Scenario
    • Questions
  • Investigating with Splunk
    • Questions
  • Benign
    • Questions
  • CaddyWiper and APT37
  • Zerologon
    • Analysing the MS-NRPC logon process
    • Instantly Become Domain Admin
    • Resources

CyberDefenders challenges

  • Introduction
    • What?
    • Why?
    • How?
  • GrabThePhisher
    • Scenario
    • Tools used
    • Questions
  • L’espion
    • Scenario
    • Tools used
    • Questions
  • Intel101
    • Scenario
    • Tools used
    • Questions
  • CaseVegas
    • Scenario
    • Instructions:
    • Tools used
    • Questions
  • CyberCorp Case 2
    • Scenario
    • Resources
    • Tools
    • Setting up
    • Questions

Boss of the SOC v2

  • Introduction
    • What?
    • Why?
    • How?
  • Data dive
    • BOTSv2 Dataset
    • Persona
    • Events
    • Resources
  • Web activity investigation
  • Detecting SQL and XSS web application attacks
  • USB attack investigation
  • Investigating FTP

Resources

  • Introduction
    • What?
    • Why?
    • How?
  • Threat maps
  • Feeds
  • Blogs
  • Reports
  • Marketplaces
Security information and event management (SIEM)
  • Ty Myrddin Home
  • Unseen University
  • Improbability Blog
  • About
  • Contact

Introduction

What?

SIEM and threat intelligence/hunting notes.

Why?

Worth keeping/remembering.

How?

  • Incident prevention

  • Threat intelligence lifecycle

  • Pyramid of pain

  • Cyber kill chain

  • MITRE ATT&CK framework

  • Unified kill chain

  • Diamond model

  • Incident handling (NIST)

  • Standards of communication

  • SIEM stack

  • Threat hunting

Previous Next
Unseen University, 2024, with a forest garden fostered by /ut7.