Tag feed

#blue-team

12 posts28 followers

Explore Hashnode

Alternatives

Trending tags this week

JJJaewook Jungwoogi.me20h ago · 9 min read

Malware Analysis Fundamentals

When a hash hits VirusTotal with one detection out of seventy, that's not enough to call it malicious. When it hits zero, that's also not enough to call it clean. Malware analysis is the work that fil

0

JJJaewook Jungwoogi.meJun 6 · 8 min read

Threat Hunting Methodology

Most security tools are reactive. Alerts fire after a rule matches, and analysts triage. Threat hunting flips that: you assume something has already evaded the tools, and you go look for it. This post

0

JJJaewook Jungwoogi.meMay 25 · 8 min read

Wireshark: Traffic Analysis for IR

When a Snort alert fires or a NetFlow anomaly surfaces, the next question is always the same: what actually happened on the wire? Wireshark is the answer most blue teamers reach for. This post is a wo

0

JJJaewook Jungwoogi.meMay 18 · 7 min read

Network Security: IDS/IPS and Snort

Network defense splits cleanly into two questions: what gets through the perimeter, and what do you do when something does? This post covers the second question. IDS, IPS, the detection techniques beh

0

JJJaewook Jungwoogi.meMay 16 · 9 min read

From FIX Sessions to SIEM Alerts: A Pre-SOC Career on the Trading Desk

I'm not a SOC analyst yet. I'm a Master of Cybersecurity student at RMIT, transitioning from a four-year career on a Korean securities trading desk where I owned the FIX-protocol connections to overse

0

RRridesh raju bijwerideshcyber.hashnode.devFeb 22 · 4 min read

SOC164 – Suspicious Mshta Behavior Walkthrough (EventID:114)

Today we’re investigating another LetsDefend alert: SOC164 – Suspicious Mshta Behavior This alert focuses on detecting suspicious usage of a legitimate Windows binary often abused by attackers. 🔎 Al

0

RRridesh raju bijwerideshcyber.hashnode.devFeb 15 · 4 min read

SOC176 – RDP Brute Force Detected Walkthrough (EventID: 234)

Today, we’re investigating another LetsDefend alert: SOC176 – RDP Brute Force Detected (EventID: 234). This alert focuses on suspicious Remote Desktop Protocol (RDP) activity that may indicate a brute force attack. 🔎 Alert Overview The alert det...

0

RRridesh raju bijwerideshcyber.hashnode.devFeb 2 · 3 min read

SOC138 – Detected Suspicious XLS File | SOC Alert Walkthrough

In this blog, I will walk through the investigation of SOC138 – Detected Suspicious XLS File, performed on the Letsdefend.io platform. The objective of this analysis is to identify whether the detected file is malicious, determine host impact, and va...

0

TSTarun Saitarunsai.hashnode.devSep 5, 2024 · 6 min read

Step By Step Guide to Deploying Elastic and Kibana on VULTR Clou

For day 2 we focused on understanding the benefits of using ELK stack. Elasticsearch is a database primarily used to store various types of logs, enabling users to search through the data. It utilizes a query language called ESQL and employs RESTful...

0

วแวีระชัย แย้มวจีpage2me.hashnode.devJun 21, 2024 · 1 min read

บลูทีม (Blue Team)

บลูทีม (Blue Team) บลูทีม (Blue Team) คืออะไร? บลูทีม (Blue Team) หมายถึง ทีมผู้เชี่ยวชาญด้านความปลอดภัยทางไซเบอร์ที่ทำหน้าที่ปกป้ององค์กรจากภัยคุกคามทางไซเบอร์ โดยเปรียบเสมือนฝ่ายรับมือกับเหล่าแฮกเกอร์ หน้าที่หลักของบลูทีม: ตรวจจับและวิเคราะห์ภัยคุ...

0

#blue-team

Search Hashnode

#blue-team

Explore Hashnode

Trending tags this week

Malware Analysis Fundamentals

Threat Hunting Methodology

Wireshark: Traffic Analysis for IR

Network Security: IDS/IPS and Snort

From FIX Sessions to SIEM Alerts: A Pre-SOC Career on the Trading Desk

SOC164 – Suspicious Mshta Behavior Walkthrough (EventID:114)

SOC176 – RDP Brute Force Detected Walkthrough (EventID: 234)

SOC138 – Detected Suspicious XLS File | SOC Alert Walkthrough

Step By Step Guide to Deploying Elastic and Kibana on VULTR Clou

บลูทีม (Blue Team)