Saniye Nur

168 Followers


Nov 23

Defensive Strategies Against AD Misconfigurations

Defensive Strategies Against AD Misconfigurations: Basic Principles to Know. Active Directory (AD) is a directory service developed by Microsoft. This system centrally stores and manages critical information such as user accounts, computer accounts, groups, and other network resources. …

Active Directory

7 min read

Oct 22

Splunk: Data Manipulation

Data manipulation in products like Splunk refers to various operations performed to make data more meaningful and useful. These products are data analytics and security information management platforms that can collect, index, and analyze large volumes of data from different sources. Here are some data manipulation operations performed in products…

Splunk

9 min read

Sep 10

A look into the Preparation phase of the Incident Response

An observed occurrence within a system refers to an event, incident, or happening that is noticed, recorded, or detected within that system. It can encompass a wide range of activities, behaviors, or incidents that are observed and documented for various purposes, such as monitoring, analysis, troubleshooting, or evaluation. In various…

Incident Response

8 min read

Sep 4

Incident Response Framework’s Second Phase: Understanding Identification & Scoping

Understanding Security Alert Nature: Explore the nature of security alerts and their implications within the context of incident response. Gathering Additional Evidence: Delve into the process of collecting supplementary evidence to enhance incident understanding and resolution. Importance of Asset Inventory and Spreadsheet of Doom: Recognize the significance of maintaining an accurate…

Incident Response

11 min read

Aug 19

Blended Two Machines and Its Solution

I realized that I haven’t solved the machine-challenge for a long time. And I realized that I missed a lot. That’s why I couldn’t get up to speed and decided to blend the two machines and write you a Walkthrough. A blueteamlabs.online machine and a cyberdefenders machine

Digital Forensics

10 min read

Jul 23

Docker Host Security and Docker Forensics

What if we get a vulnerable WebApp (say RCE/CI) running on a Kubernetes pod? Actually, in this blog post, we will look into the answers to this question with the support of Attackdefense labs. Kubernetes is a popular container orchestration platform. Containers are a technology that packages all the…

Docker Security

17 min read

Jun 11

Cloud DFIR -2-

We said “Next article will talk about EC2 Incident Response and Forensic Analysis, Margarita Shotgun, a Remote Memory Acquisition Tool, aws_ir tool.” Let’s continue. Every EC2 (Elastic Compute Cloud) instance in Amazon Web Services (AWS) consists of a root volume. The root volume is the primary storage device attached to…

Ec2 Instance

8 min read

Apr 21

Why Cloud DFIR ?

According to Forrester and Gartner studies, 75% of enterprise servers are virtualized. With the increasing adoption of cloud computing by organizations for storing, processing, and managing their data and applications, it has become essential to have specific DFIR practices tailored for cloud-based environments. 50% of all enterprises are in a…

Aws Cloud

11 min read

Mar 7

Linux Forensics -2-

Hello again. I haven’t been able to write for a while because of the sad event that shook my country. But I have seen people who follow, like and want me to continue writing. That’s why I said let’s get together as soon as possible and not continue to write and…

Linux

9 min read

Jan 2

Developing hypotheses for Threat Hunting with ChatGPT

Can you create a hypothesis for threat hunting scenarios? A hypothesis is a proposed explanation for a phenomenon that can be tested through further investigation. …

ChatGPT

21 min read

DIGITAL FORENSICS ENGINEER https://www.linkedin.com/in/saniye-nurc/
