Feb 13 · 3 min read · Today we are going to investigate another LetsDefend alert: SOC335 – CVE-2024-49138 Exploitation Detected. This alert is more serious than the usual login or brute-force alerts because it involves a known vulnerability and possible exploitation on a h...
Feb 2 · 3 min read · 📌 Alert Overview In this investigation, we analyze SOC211 – Utilman.exe Winlogon Exploit Attempt, an alert indicating abuse of a Windows built-in binary (LOLBin) to achieve persistence and privilege escalation on a compromised host. The alert highl...
Jan 26 · 4 min read · One of the main tasks I expect to handle as a SOC analyst is reviewing authentication logs - looking for failed login attempts, picking up on patterns like brute-force or username spraying, and figuring out whether something is just a user mistyping t...