Understanding Security Alert Nature: Explore the nature of security alerts and their implications within the context of incident response. Gathering Additional Evidence: Delve into the process of collecting supplementary evidence to enhance incident understanding and resolution. Importance of Asset Inventory and Spreadsheet of Doom: Recognize the significance of maintaining an accurate…

I realized that I haven’t solved the machine-challenge for a long time. And I realized that I missed a lot. That’s why I couldn’t get up to speed and decided to blend the two machines and write you a Walkthrough. A blueteamlabs.online machine and a cyberdefenders machine

What if we get a vulnerable WebApp (say RCE/CI) running on a Kubernetes pod ? Actually, in this blog post, we will look into the answers to this question with the support of Attackdefense labs. Kubernetes is a popular container orchestration platform. Containers are a technology that packages all the…

We said “Next article will talk about EC2 Incident Response and Forensic Analysis, Margarita Shotgun, a Remote Memory Acquisition Tool, aws_ir tool.” Let’s continue. Every EC2 (Elastic Compute Cloud) instance in Amazon Web Services (AWS) consists of a root volume. The root volume is the primary storage device attached to…

According to Forrester and Gartner Studies 75% of enterprise servers are virtualized With the increasing adoption of cloud computing by organizations for storing, processing, and managing their data and applications, it has become essential to have specific DFIR practices tailored for cloud-based environments. 50% of all enterprises are in a…

Hello again. I haven’t been able to write for a while because of the sad event that shook my country. But I have seen people who follow, like and want me to continue writing.That’s why I said let’s get together as soon as possible and not continue to write and…

Can you create a hypothesis for threat hunting scenarios? A hypothesis is a proposed explanation for a phenomenon that can be tested through further investigation. In the context of threat hunting, a hypothesis might be a proposed explanation for suspicious or anomalous activity that has been observed on a network…

The following topics will be covered in this series of articles: Live Response Human interactions Creating a live response kit Transporting data across a network Collecting volatile data Determining if dead analysis is justified Dumping RAM Acquiring filesystem images Using dd Using dcfldd Write blocking Software blockers Udev rules Forensic…

Before starting the Linux Server Analysis, the event we will go into is to examine a web server with Linux installed and additionally to look at Apache Log Analysis, Web Server Analysis, possible persistence mechanisms. Here we will try to see potential web attacks by making inferences from both analysis…