============================================================================
The kill-chain model, originally developed by Lockheed Martin as the Cyber Kill Chain, is a framework that helps Security Operations Center (SOC) engineers analyze cyberattacks in a structured way. It breaks down an attack into stages, allowing SOC engineers to understand, detect, and respond effectively.
How a SOC Engineer Uses the Kill-Chain Model
SOC engineers use the kill-chain model to:
Detect Threats Earlier: By recognizing attack patterns at different stages, they can stop an attack before it progresses.
Improve Incident Response: Helps prioritize threats based on their progression within the chain.
#======================================================================
Simulated Detection Scenarios
Falco – Chmod 777
Scenario: Attacker gives full permissions to a sensitive file.
Simulate:
touch /tmp/test.sh && chmod 777 /tmp/test.sh
#======================================================================
Part 2: Simulated Detection Scenarios
✅ Wazuh – File Integrity Monitoring
Scenario: Someone modifies /etc/passwd.
Simulate:
echo "#TEST123" >> /etc/passwd
#======================================================================
To make an informed decision on purchasing an XDR product, you need a structured approach to evaluating vendors and ensuring the solution meets your security needs. Here's how you can organize the process effectively:
1. Define Evaluation Goals & Success Criteria
Establish clear objectives for adopting an XDR solution (e.g., better threat detection, improved response automation).
Identify key security gaps that need addressing.
Define measurable success criteria for the evaluation (e.g., ease of integration, accuracy of threat detection, response time).
#===================================================================================================================================
What does a Holistic Approach in PAM involve?
Comprehensive User Access Control
Not only managing privileged users, but also regular employees, third-party contractors, and automated system accounts.
Example: Instead of just securing admin accounts, PAM also tracks access for interns, vendors, and service accounts across all systems.
Integration with Other Systems
To uninstall the CAT (Configuration Assistant Tool) installer from eduroam on Windows 10
PS:
The CAT installer itself usually configures the network and installs certificates but does not stay as a running application, so it often doesn't show up in Programs
Remove eduroam from Windows
https://servicedesk.msstate.edu/TDClient/45/Portal/KB/ArticleDet?ID=1625
Method 1: Using Windows Settings (Recommended)
Uninstalling the eduroam CAT Installer Configuration
#===================================================================================================================================
Base64-Encoded C2 Domain: Explanation & Examples
What is Base64 Encoding?
Base64 is a method of encoding binary data into ASCII text, often used to obfuscate malicious commands, URLs, or payloads to evade detection.
Why Do Attackers Use Base64 for C2 Communication?
Evasion: Many security tools scan for known malicious domains in plaintext.
Obfuscation: Makes malicious traffic harder to identify in logs.
#===================================================================================================================================
Analyzing cyber incidents, attack patterns, and TTPs (Tactics, Techniques, and Procedures) of threat actors.
Working with SIEM tools for log analysis and real-time threat detection.
Investigating security breaches, malware analysis, and intrusion detection.
Utilizing MITRE ATT&CK / Cyber Kill Chain, threat intelligence feeds / MISP, and OSINT to map threats to vulnerabilities.
Working in incident response and supporting legal inquiries.
#=====================================================================
Dorking is the practice of crafting advanced search queries to uncover publicly available but sensitive information. URLscan.io allows users to filter through indexed scans using Lucene-based query syntax.
Examples:
page.domain:example.com → Searches all scans related to example.com
page.ip:192.168.1.1 → Finds all URLs hosted on this IP
2. Common URLscan Dorking Queries
a) Finding Open Admin Panels
#===================================================================================================================================
Kaggle is a fantastic platform for data science competitions, datasets, and learning. Here are some other online websites similar to Kaggle, offering various resources for data scientists, machine learning engineers, and AI enthusiasts:
Competition Platforms:
DrivenData: Focuses on social good challenges, often with real-world impact.
Analytics Vidhya: Hosts data science competitions, hackathons, and learning resources, particularly strong in the Indian data science community.
AIcrowd: A platform for AI challenges and competitions, with a focus on reproducibility and open-source contributions.
CodaLab: A platform for hosting competitions and evaluating machine learning models, often used by academic researchers.
Topcoder: Offers a variety of challenges, including data science, design, and development.