ridesh raju bijwe in rideshcyber.hashnode.dev
SOC168 – Whoami Command Detected in Request Body Walkthrough (EventID:118)
A Command Injection Investigation | LetsDefend SOC Lab. Today's alert immediately caught my attention: Whoami Command Detected in Request Body. At first glance, it may look like a harmless Linux command...
6h ago · 4 min read

ridesh raju bijwe in rideshcyber.hashnode.dev
SOC169 – Possible IDOR Attack Detected Walkthrough (EventID:119)
Today, we'll be investigating another LetsDefend SOC alert: SOC169 – Possible IDOR Attack Detected. In this walkthrough, we'll analyze how repeated web requests exposed a serious web application vulner...
2d ago · 4 min read

ridesh raju bijwe in rideshcyber.hashnode.dev
SOC175 Walkthrough – PowerShell Found in Requested URL – Possible CVE-2022-41082 Exploitation Walkthrough (EventID:125)
In today's walkthrough, we're investigating another LetsDefend alert: SOC175 – PowerShell Found in Requested URL – Possible CVE-2022-41082 Exploitation. During this analysis, I made a small but impo...
6d ago · 5 min read

ridesh raju bijwe in rideshcyber.hashnode.dev
SOC164 – Suspicious Mshta Behavior Walkthrough (EventID:114)
Today we're investigating another LetsDefend alert: SOC164 – Suspicious Mshta Behavior. This alert focuses on detecting suspicious usage of a legitimate Windows binary often abused by attackers. 🔎 Al...
6d ago · 4 min read

Mohammad Reza Mirzadzare in blog.mirzadzare.net
IP Spoofing to Account Takeover: You Patched It? Really?
Abstract. In my previous article, I described how I found a security flaw in a popular desktop app's OAuth flow that allowed me to steal any user's account with just one click. I reported it, saw it pa...
Feb 20 · 7 min read

ridesh raju bijwe in rideshcyber.hashnode.dev
SOC164 - Suspicious Mshta Behavior Walkthrough (EventID:114)
Today we're investigating another LetsDefend alert: SOC164 – Suspicious Mshta Behavior. This alert focuses on detecting suspicious usage of a legitimate Windows binary often abused by attackers. 🔎 Alert Overview: From the monitoring page, we are pro...
Feb 19 · 3 min read

ridesh raju bijwe in rideshcyber.hashnode.dev
SOC163 – Suspicious Certutil.exe Usage Walkthrough (Event ID: 113)
In this walkthrough, we investigate the SOC163 – Suspicious Certutil.exe Usage alert in the LetsDefend platform. 🔎 Alert Overview: The monitoring dashboard shows an alert triggered for suspicious usage of certutil.exe. Certutil.exe is a legitimate ...
Feb 19 · 3 min read

Michael Creadon in ibm-watson-healthcare.hashnode.dev
Strengthening Data Security: Understanding IBM Guardium in Modern Enterprises
As organizations generate and store increasing volumes of sensitive data, database security has become a foundational requirement rather than a secondary control. Regulatory compliance, insider threats, and sophisticated cyberattacks demand continuou...
Feb 18 · 3 min read

ridesh raju bijwe in rideshcyber.hashnode.dev
⭐ SOC282 – Phishing Alert: Deceptive Mail Detected Walkthrough (EventID:257)
Today we're investigating another LetsDefend alert: SOC282 – Phishing Alert: Deceptive Mail Detected. This alert focuses on identifying whether a suspicious email is malicious and determining the appropriate response actions. 🔎 Alert Overview: From ...
Feb 17 · 3 min read

App Dev in aiappdev.hashnode.dev
How Is Google Detecting State-Sponsored Hackers Using AI?
Google deploys advanced AI-powered threat intelligence systems combining machine learning algorithms, behavioral analysis, and real-time pattern recognition to identify state-sponsored hacking attempts. These AI cybersecurity solutions analyze billio...
Feb 16 · 7 min read