#blueteam

Mar 7 · 4 min read · In this case study, I investigated a high-severity alert from the LetsDefend platform: SOC250 – APT35 HyperScrape Data Exfiltration Tool Detected This alert simulates activity associated with APT35, a

Join discussion

RRridesh raju bijwerideshcyber.hashnode.dev

0

⭐ SOC173 – Follina 0-Day Detected Walkthrough (EventID:123)

Mar 4 · 4 min read · A Malware Investigation Walkthrough | LetsDefend SOC Lab Today’s alert involves a well-known real-world vulnerability: Follina (CVE-2022-30190) – Microsoft Office Remote Code Execution Vulnerability S

Join discussion

MGMarios Grivasdefprotocol.hashnode.dev

0

The Ransomware Playbook: Anatomy of a Modern Attack

Mar 3 · 4 min read · Ransomware is no longer just about encrypting files and demanding payment. It has evolved into a structured, multi-stage operation that mirrors professional software development and organized business

Join discussion

RRridesh raju bijwerideshcyber.hashnode.dev

0

⭐ SOC239 – Remote Code Execution Detected in Splunk Enterprise Walkthrough (EventID: 201)

Mar 2 · 5 min read · A Real SOC Investigation | LetsDefend Walkthrough Today’s alert is a serious one: ⭐ SOC239 -Remote Code Execution Detected in Splunk Enterprise Whenever “RCE” appears in an alert title, the severity

Join discussion

RRridesh raju bijwerideshcyber.hashnode.dev

0

SOC168 – Whoami Command Detected in Request Body Walkthrough (EventID:118)

Feb 28 · 4 min read · A Command Injection Investigation | LetsDefend SOC Lab Today’s alert immediately caught my attention: Whoami Command Detected in Request Body At first glance, it may look like a harmless Linux command

Join discussion

RRridesh raju bijwerideshcyber.hashnode.dev

0

SOC169 – Possible IDOR Attack Detected Walkthrough (EventID:119)

Feb 26 · 4 min read · Today, we’ll be investigating another LetsDefend SOC alert: SOC169 — Possible IDOR Attack Detected In this walkthrough, we’ll analyze how repeated web requests exposed a serious web application vulner

Join discussion

MSMoustafa S. Kamelblog.klivvr.com

0

The Silent Scan

Feb 24 · 6 min read · Picture this… A stranger walks up to your house at 3 AM. They quietly check your windows, test the door handle, then slip away. Your security cameras recorded everything. But the screen that shows th

Join discussion

RRridesh raju bijwerideshcyber.hashnode.dev

0

SOC175 Walkthrough – PowerShell Found in Requested URL-Possible CVE-2022-41082 Exploitation Walkthrough (EventID:125)

Feb 21 · 5 min read · In today’s walkthrough, we’re investigating another LetsDefend alert: SOC175 – PowerShell Found in Requested URL – Possible CVE-2022-41082 Exploitation During this analysis, I made a small but impo

Join discussion

RRridesh raju bijwerideshcyber.hashnode.dev

0

SOC164 – Suspicious Mshta Behavior Walkthrough (EventID:114)

Feb 22 · 4 min read · Today we’re investigating another LetsDefend alert: SOC164 – Suspicious Mshta Behavior This alert focuses on detecting suspicious usage of a legitimate Windows binary often abused by attackers. 🔎 Al

Join discussion

SSravanzero-layer.hashnode.dev

0

Understanding LSASS — The Security Brain of Windows

Feb 20 · 8 min read · Introduction – What This LSASS Article Will Cover In this article, we will take a deep dive into LSASS — not from a tool perspective, but from an architectural and internal understanding standpoint. L

Join discussion

Tag feed

Tag feed

#blueteam

⭐ SOC250 – APT35 HyperScrape Data Exfiltration Tool Detected Walkthrough (EventID:212)

⭐ SOC173 – Follina 0-Day Detected Walkthrough (EventID:123)

The Ransomware Playbook: Anatomy of a Modern Attack

⭐ SOC239 – Remote Code Execution Detected in Splunk Enterprise Walkthrough (EventID: 201)

SOC168 – Whoami Command Detected in Request Body Walkthrough (EventID:118)

SOC169 – Possible IDOR Attack Detected Walkthrough (EventID:119)

The Silent Scan

SOC175 Walkthrough – PowerShell Found in Requested URL-Possible CVE-2022-41082 Exploitation Walkthrough (EventID:125)

SOC164 – Suspicious Mshta Behavior Walkthrough (EventID:114)

Understanding LSASS — The Security Brain of Windows

#blueteam

Search Hashnode

#blueteam

⭐ SOC250 – APT35 HyperScrape Data Exfiltration Tool Detected Walkthrough (EventID:212)

⭐ SOC173 – Follina 0-Day Detected Walkthrough (EventID:123)

The Ransomware Playbook: Anatomy of a Modern Attack

⭐ SOC239 – Remote Code Execution Detected in Splunk Enterprise Walkthrough (EventID: 201)

SOC168 – Whoami Command Detected in Request Body Walkthrough (EventID:118)

SOC169 – Possible IDOR Attack Detected Walkthrough (EventID:119)

The Silent Scan

SOC175 Walkthrough – PowerShell Found in Requested URL-Possible CVE-2022-41082 Exploitation Walkthrough (EventID:125)

SOC164 – Suspicious Mshta Behavior Walkthrough (EventID:114)

Understanding LSASS — The Security Brain of Windows