githubfoam

============================================================================
The kill-chain model, originally developed by Lockheed Martin as the Cyber Kill Chain, is a framework that helps Security Operations Center (SOC) engineers analyze cyberattacks in a structured way. It breaks down an attack into stages, allowing SOC engineers to understand, detect, and respond effectively.
How a SOC Engineer Uses the Kill-Chain Model

SOC engineers use the kill-chain model to:

    Detect Threats Earlier: By recognizing attack patterns at different stages, they can stop an attack before it progresses.

    Improve Incident Response: Helps prioritize threats based on their progression within the chain.

githubfoam

#======================================================================
Simulated Detection Scenarios

Falco – Chmod 777

Scenario: Attacker gives full permissions to a sensitive file.

Simulate:

touch /tmp/test.sh && chmod 777 /tmp/test.sh

githubfoam

#======================================================================
Part 2: Simulated Detection Scenarios
✅ Wazuh – File Integrity Monitoring

Scenario: Someone modifies /etc/passwd.

Simulate:

echo "#TEST123" >> /etc/passwd

githubfoam

#======================================================================
To make an informed decision on purchasing an XDR product, you need a structured approach to evaluating vendors and ensuring the solution meets your security needs. Here's how you can organize the process effectively:

1. Define Evaluation Goals & Success Criteria

    Establish clear objectives for adopting an XDR solution (e.g., better threat detection, improved response automation).

    Identify key security gaps that need addressing.

    Define measurable success criteria for the evaluation (e.g., ease of integration, accuracy of threat detection, response time).

githubfoam

#===================================================================================================================================
What does a Holistic Approach in PAM involve?

    Comprehensive User Access Control

        Not only managing privileged users, but also regular employees, third-party contractors, and automated system accounts.

        Example: Instead of just securing admin accounts, PAM also tracks access for interns, vendors, and service accounts across all systems
        
Integration with Other Systems

githubfoam

To uninstall the CAT (Configuration Assistant Tool) installer from eduroam on Windows 10

PS:
The CAT installer itself usually configures the network and installs certificates but does not stay as a running application, so it often doesn’t show up in Programs

Remove eduroam from Windows 
https://servicedesk.msstate.edu/TDClient/45/Portal/KB/ArticleDet?ID=1625

Method 1: Using Windows Settings (Recommended)
Uninstalling the eduroam CAT Installer Configuration

githubfoam

#===================================================================================================================================
Base64-Encoded C2 Domain: Explanation & Examples
What is Base64 Encoding?

Base64 is a method of encoding binary data into ASCII text, often used to obfuscate malicious commands, URLs, or payloads to evade detection.
Why Do Attackers Use Base64 for C2 Communication?

    Evasion: Many security tools scan for known malicious domains in plaintext.

    Obfuscation: Makes malicious traffic harder to identify in logs.

githubfoam

#===================================================================================================================================
Analyzing cyber incidents, attack patterns, and TTPs (Tactics, Techniques, and Procedures) of threat actors.

Working with SIEM tools for log analysis and real-time threat detection

Investigating security breaches, malware analysis, and intrusion detection.

Utilizing MITRE ATT&CK / Cyber Kill Chain, threat intelligence feeds / MISP, and OSINT to map threats to vulnerabilities

Working as incident response and with legal inquiries

githubfoam

#=====================================================================
Dorking is the practice of crafting advanced search queries to uncover publicly available but sensitive information. URLscan.io allows users to filter through indexed scans using Lucene-based query syntax
Examples:

    page.domain:example.com → Searches all scans related to example.com
    page.ip:192.168.1.1 → Finds all URLs hosted on this IP

2. Common URLscan Dorking Queries
a) Finding Open Admin Panels

githubfoam

#===================================================================================================================================
Kaggle is a fantastic platform for data science competitions, datasets, and learning. Here are some other online websites similar to Kaggle, offering various resources for data scientists, machine learning engineers, and AI enthusiasts:

Competition Platforms:

    DrivenData: Focuses on social good challenges, often with real-world impact.
    Analytics Vidhya: Hosts data science competitions, hackathons, and learning resources, particularly strong in the Indian data science community.
    AIcrowd: A platform for AI challenges and competitions, with a focus on reproducibility and open-source contributions.
    CodaLab: A platform for hosting competitions and evaluating machine learning models, often used by academic researchers.
    Topcoder: Offers a variety of challenges, including data science, design, and development.