CHConnor Harteinconnorhartecybersecurity.hashnode.dev·May 24 · 4 min readWho am I?Hello! My name is Connor Harte, and I’m an aspiring cybersecurity analyst.The purpose of this blog is to showcase my passion for technology, document my learning journey, and share the skills I contin00
RRridesh raju bijweinrideshcyber.hashnode.dev·Mar 7 · 4 min read⭐ SOC250 – APT35 HyperScrape Data Exfiltration Tool Detected Walkthrough (EventID:212)In this case study, I investigated a high-severity alert from the LetsDefend platform: SOC250 – APT35 HyperScrape Data Exfiltration Tool Detected This alert simulates activity associated with APT35, a00
RRridesh raju bijweinrideshcyber.hashnode.dev·Mar 4 · 4 min read⭐ SOC173 – Follina 0-Day Detected Walkthrough (EventID:123)A Malware Investigation Walkthrough | LetsDefend SOC Lab Today’s alert involves a well-known real-world vulnerability: Follina (CVE-2022-30190) – Microsoft Office Remote Code Execution Vulnerability S00
RRridesh raju bijweinrideshcyber.hashnode.dev·Feb 19 · 3 min readSOC164 - Suspicious Mshta Behavior Walkthrough (EventID:114)Today we’re investigating another LetsDefend alert: SOC164 – Suspicious Mshta Behavior This alert focuses on detecting suspicious usage of a legitimate Windows binary often abused by attackers. 🔎 Alert Overview From the monitoring page, we are pro...00
RRridesh raju bijweinrideshcyber.hashnode.dev·Feb 19 · 3 min readSOC163 – Suspicious Certutil.exe Usage Walkthrough (Event ID: 113)In this walkthrough, we investigate the SOC163 – Suspicious Certutil.exe Usage alert in the LetsDefend platform. 🔎 Alert Overview The monitoring dashboard shows an alert triggered for suspicious usage of certutil.exe. Certutil.exe is a legitimate ...00
NDnickson diazinpruba.hashnode.dev·Feb 18 · 3 min readSOC163 — Suspicious Certutil.exe Usage | LestDefendnow we have more knowledge and I think that It’ll be easy to do. Type: LOLBIN EVENTID: 113 Press enter or click to view image in full size What are Living-off-the-land binaries (LOLBins)? A LoLBin is any binary supplied by the operating system that ...00
RRridesh raju bijweinrideshcyber.hashnode.dev·Feb 17 · 3 min read⭐SOC282 – Phishing Alert: Deceptive Mail Detected Walkthrough (EventID:257)Today we’re investigating another LetsDefend alert: SOC282 – Phishing Alert: Deceptive Mail Detected This alert focuses on identifying whether a suspicious email is malicious and determining the appropriate response actions. 🔎 Alert Overview From ...00
RRridesh raju bijweinrideshcyber.hashnode.dev·Feb 13 · 3 min readSOC335 – CVE-2024-49138 Exploitation Detected Walkthough (EventID: 313)Today we are going to investigate another LetsDefend alert:SOC335 – CVE-2024-49138 Exploitation Detected. This alert is more serious than the usual login or brute-force alerts because it involves a known vulnerability and possible exploitation on a h...00
RRridesh raju bijweinrideshcyber.hashnode.dev·Feb 10 · 4 min readSOC257 – VPN Connection Detected from Unauthorized Country (EventID:225)Today we are going to investigate SOC257 – VPN Connection Detected from Unauthorized Country. Even though the severity of this alert is Low, it still has its own importance. The main challenge here is confirming whether the attacker actually gained a...00
RRridesh raju bijweinrideshcyber.hashnode.dev·Feb 5 · 4 min read⭐ SOC146 – Phishing Mail Detected (Excel 4.0 Macros)[Event ID: 93]Today, we are going to re-investigate SOC146 – Phishing Mail Detected (Excel 4.0 Macros).This alert is particularly interesting because I had investigated it almost a year ago, and revisiting it now helps reinforce how phishing investigations evolve ...00
