Cyber Incident Response with Splunk | TryHackMe Incident Handling with Splunk

Views: 24,321

Motasem Hamdan

1 year ago

In this video walkthrough, we covered responding to a cyber incident using Splunk to analyze the related events and uncover the attack artifacts.
******
Receive Cyber Security Field Notes, Certification Notes and Special Training Videos
/ @motasemhamdan
Writeup
motasem-notes.net/cyber-incid...
*******
Splunk Training Playlist
• Investigating Cerber R...
********
LinkedIn
[1]: / motasem-hamdan-7673289b
[2]: / motasem-eldad-ha-bb424...
Instagram
/ dev.stuxnet
Twitter
/ manmotasem
Facebook
/ motasemhamdantty
******

Comments: 33
@kazimtalibov3877 10 months ago
Good day! Thanks for the video! How did you upload the data? Which data? Where did you get it? Thanks.
@johnvardy9559 3 months ago
great work!
@tonyfernandes216 1 year ago
You are simply the Best.
@albuandrei2005 1 month ago
I read that in Tina Turner's voice :P
@Joyrolliiii 6 months ago
Hi, I understand IP 40.80.148.42 has more logs, so basically it could be an attacker. However, how did you find / why could you make sure that this IP was the attacker by looking at the field? I'm looking at it but don't know what the specific things are that I need to look for. Thank you for your video lecture, it really helps me a lot.
@sehlibuilder6759 1 year ago
Thanks! Informative content! Could you please share with us your notes so that we can use them during THM trainings?
@MotasemHamdan 1 year ago
Hello, notes are part of channel membership tier 2. Details: motasem-notes.net/cyber-security-field-notes/
@EmmanuelAwuzie 10 months ago
Hello Motasem, I noticed you have a notes library with rich information. I need those; can I buy from you?
@Gamer16232 1 year ago
If we're new to this, how are we supposed to know Acunetix is a vulnerability scanner? Remember most people here are trying to learn from scratch. I feel like this would be better if you go in with the mindset that you're a noobie. Just my opinion.
@CreepyGRC 1 year ago
Mostly you apply OSINT as you continue to learn; everything started foggy for me until I was able to piece everything together, and that's the challenge. TryHackMe and other platforms provide the leverage to piece them together compared to enrolling in courses.
1 year ago
I was doing this on my own when I was looking for the web host, and since I wasn't sure I looked it up on Google. Whenever the information isn't handed to you, you should Google it. OSINT is a big part of security operations.
@vz7742 1 year ago
It's a typical shitty THM room in which they don't explain the majority of stuff. I'm switching to HTB Academy on the first of July.
@muhammadrazahayder7264 11 months ago
Can I have your notes if you deem it appropriate? Please. It seems the ultimate sheet for any analyst.
@johnvardy9559 3 months ago
32:26 you clicked on event 1. Why did you click this one and not event 7? What is the mindset we have to invest in all of these events? Why did you choose this one?
@martinbaran6439 3 months ago
You said the attackers leveraged a vulnerability to gain access to the web server, but that's not true; the attacker actually brute-forced his way in for the initial entry.
@wazibabor3854 11 months ago
Hello Sir, can you train us in Cyber Incident Response with Splunk on real-world cases with projects?
@Nasserr2 8 months ago
Is there a way we can get your notes? They seem very good. Also, what note app is that?
@MotasemHamdan 8 months ago
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below: kzfaq.info/love/NSdU_1ehXtGclimTVckHmQjoin. Or if you are interested in one subject among the others, you can pay one time. The notes that are available for one-time purchase can be found below: motasem-notes.net/
@deonmarfo9878 8 months ago
Thank you! Is there any way you can share your notes?
@MotasemHamdan 8 months ago
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below: kzfaq.info/love/NSdU_1ehXtGclimTVckHmQjoin. Or if you are interested in one subject among the others, you can pay one time. The notes that are available for one-time purchase can be found below: motasem-notes.net/
@CreepyGRC 1 year ago
Is this the reason why organizations prefer the ELK stack, because Splunk is harder to query? Haha. Do you know other query tools, Motasem, aside from Sigma? Would love to hear your suggestions. :D
@MotasemHamdan 1 year ago
Brim is a great tool to analyze network packet captures and works based on queries.
@kevingardocki 1 year ago
When I put in index=botsv1, no events are popping up. Is there a step in the beginning I'm missing?
@MotasemHamdan 1 year ago
Did you try index=* ?
@kevingardocki 1 year ago
@MotasemHamdan yes, that as well. Are you putting in data sets? I tried index="botsv1". I wonder if anything changed with the values.
@user-if6ul2yg3g 1 year ago
@kevingardocki try changing Smart Mode to Verbose Mode, and the time setting from Last 24 hours to All time. You can find them in the right part of the page.
@hidden9495 1 year ago
What about the time period? Maybe changing it to "All time" might help.
@CertifiedOtherBoy-cn7pg 11 months ago
@hidden9495 That's what it was for me. Changing to All Time did the trick.
@liebermen2369 28 days ago
34:00 for some reason my hash value for the first log was different, and the hash value of the third log turned out to be the correct answer. Writing this comment here in case someone else gets this problem.