Tag feed

#blueteam

203 posts22 followers

Explore Hashnode

Alternatives

Trending tags this week

JJJeji Jamesjeji-james.hashnode.dev2d ago · 3 min read

Catching a Ping: Setting Up Suricata IDS to Detect ICMP Traffic

If you've ever wondered how network defenders actually "see" an attack happening in real time, this lab is a good first taste of it. I set up Suricata, an open-source Intrusion Detection System (IDS),

0

KDKajal Dhanjalkajalbuilds.hashnode.dev2d ago · 9 min read

Building a Sentinel Detection Lab, Part 5: MFA Registration, a Missing License, and the First Detection That Talks Back

https://github.com/Kajal-Dhanjal/sentinel-detection-lab Part 4 ended on this note: moving off the endpoint entirely and into identity, starting with attackers registering their own MFA methods on com

0

KDKajal Dhanjalkajalbuilds.hashnode.dev2d ago · 6 min read

Building a Sentinel Detection Lab, Part 4: Catching Reconnaissance — and the Case-Sensitivity Bug That Made It Look Broken

https://github.com/Kajal-Dhanjal/sentinel-detection-lab This is Part 4 of the series where I build a Microsoft Sentinel detection engineering lab from scratch and write down what actually happened —

0

TATameem Amjadlabsx.hashnode.devJun 15 · 10 min read

KG Distribution

I Solved 13Cubed's KG Distribution Memory Forensics Lab - Here's the Full Walkthrough Hunting a Sliver C2 implant through a VMware memory dump with MemProcFS, one artifact at a time. The two memory

0

KDKajal Dhanjalkajalbuilds.hashnode.devJun 15 · 7 min read

Building a Sentinel Detection Lab, Part 1: Catching Brute Force (and the Bug That Flagged the Wrong Account)

Part 1 of a series on building a detection engineering lab in Microsoft Sentinel from scratch. This post: writing my first detection, and the parsing bug that taught me more than the detection itself.

0

KDKajal Dhanjalkajalbuilds.hashnode.devJun 15 · 4 min read

Building a Sentinel Detection Lab, Part 2: Suspicious PowerShell, and Why Some Detections Need No Threshold

Part 2 of a series on building a detection engineering lab in Microsoft Sentinel. This post: hunting malicious PowerShell with Sysmon, and the difference between volume detections and signature detect

0

MCMilan Curguzmilancurguz.hashnode.devJun 11 · 9 min read

What is Blue Team in Cyber Security?

1. Intro People often associate the term cybersecurity with cool movie scenes of hackers staring at screens full of green letters while typing extremely fast on a keyboard. Of course, in real life, it

0

TSTech Skill Schooltechskillschool.hashnode.devJun 10 · 7 min read

Start Your SOC Journey with SOC Analyst Training 101

In today’s digital landscape, cyber threats are evolving at an unprecedented pace. From ransomware attacks targeting critical infrastructure to sophisticated phishing campaigns and advanced persistent

0

SSSakshi Singhthinksecure.hashnode.devJun 7 · 9 min read

What Are Security Alerts and False Positives?

In Part 7, I finally understood how SIEM works. It collects logs. Normalizes them. Runs rules. And when something matches, it creates an alert. That alert lands in the analyst's queue. And I thought .

0

MSMephisto spirit of the Devilm3ph15t0o-blog.hashnode.devJun 4 · 3 min read

From Misconceptions to Mistakes: How Real Cyber Attacks Begin and Why Beginners Struggle in Cybersecurity

Introduction When people first imagine cybersecurity, the picture is often dramatic. Fast-paced hacking scenes, dark terminals, and instant system takeovers. But in real environments like SOC operatio

0

#blueteam

Search Hashnode

#blueteam

Explore Hashnode

Trending tags this week

Catching a Ping: Setting Up Suricata IDS to Detect ICMP Traffic

Building a Sentinel Detection Lab, Part 5: MFA Registration, a Missing License, and the First Detection That Talks Back

Building a Sentinel Detection Lab, Part 4: Catching Reconnaissance — and the Case-Sensitivity Bug That Made It Look Broken

KG Distribution

Building a Sentinel Detection Lab, Part 1: Catching Brute Force (and the Bug That Flagged the Wrong Account)

Building a Sentinel Detection Lab, Part 2: Suspicious PowerShell, and Why Some Detections Need No Threshold

What is Blue Team in Cyber Security?

Start Your SOC Journey with SOC Analyst Training 101

What Are Security Alerts and False Positives?

From Misconceptions to Mistakes: How Real Cyber Attacks Begin and Why Beginners Struggle in Cybersecurity