Kali Linux gets blocked by antivirus after download. Is there a reason why? And if not, is there a way to get around it?
@MyDFIR 3 hours ago
Kali can be seen as “bad” by some antivirus products since it can be used for nefarious purposes. To get around it, add an exception in your antivirus.
@genjimccorkle5518 13 hours ago
Very informative. I am just now starting to learn Nessus, Nmap, and Wireshark. Preparing for a job after Christmas, after a few more certs and some homelabbing.
@MyDFIR 3 hours ago
Best of luck!
@tejasghag3866 21 hours ago
For me it is showing "ls: cannot access '/opt/thp': No such file or directory". Will you please help me with the troubleshooting?
@sauls.1907 19 hours ago
I have the same issue. He told another person to try reinstalling TheHive. The last lines after the install command are "Reading package lists... Done Building dependency tree... Done Reading state information... Done E: Unable to locate package thehive".
@sauls.1907 19 hours ago
Still says no file or directory. Please lmk if you're able to solve it.
@MyDFIR 3 hours ago
Take a look at the TheHive documentation and try installing it that way, just to make sure you didn't miss any prerequisites.
@deepakdiwakar2968 23 hours ago
Sir, there is an error while starting Elasticsearch through "systemctl start elasticsearch", with an error status of "Job for elasticsearch.service failed because the control process exited with error code." If anyone knows the solution, please help. I followed the prior steps as they are, and I tried various online solutions, but they weren't able to solve the error.
@MyDFIR 3 hours ago
Double check your Elastic configuration files and make sure there are no spelling mistakes. Search up where you can view the log for this error to learn more information as to why it's causing the service to fail.
@dayveedweezy 1 day ago
Hi, please can you help with the link to the Part 5 EDR project? The other one I saw on your playlist is for another automation project with Wazuh. Thank you.
@MyDFIR 1 day ago
Part 5 will be out on Tuesday! Stay tuned :)
@dayveedweezy 1 day ago
@MyDFIR Awesome, thank you for your content, and I love your teaching strategy and process. Keep up the good work.
@user-ky5qu1xt9u 1 day ago
I want to say thank you for putting out such great videos. I am currently going along with this project and ran into my first issue. I created my detection rule and everything was moving along smoothly until I went back into PowerShell, typed 'lazagne.exe all', and it was not detected. I waited another hour to see if it would start populating in my detection section, and still nothing. I'm currently stuck; any advice would be greatly appreciated :) Thanks!!
@MyDFIR 1 day ago
Do you see the “lazagne all” event?
@user-ky5qu1xt9u 1 day ago
@MyDFIR Yes.
@user-ky5qu1xt9u 1 day ago
@MyDFIR After I created the detection rule I tested it and all 4 operations were working. I went back into PowerShell and ran the lazagne.exe all command, went back into LimaCharlie under the Detection tab to see if anything was detected, and still nothing. I stopped and restarted everything and ran it over again, and still nothing. Thank you for responding, btw.
@MyDFIR 1 day ago
Whatttt OK, can you DM me on Instagram with screenshots?
@user-ky5qu1xt9u 1 day ago
@MyDFIR I just logged into everything and was getting ready to take screenshots, and it generated a detection... still took almost the entire day to generate lol, but I am much appreciative of you... seriously, you have no idea how much you're helping me!! Thank you again!! I'm going to move on to Part 4 now.
@sybex200 1 day ago
Nice content. Can you say what courses or platforms you used for training to get experience? Thank you.
@MyDFIR 1 day ago
Thanks! Honestly? Through my job haha, just practicing on my own and reading documentation.
@mhsg 1 day ago
In the configuring Wazuh section @11:50, are you on the Windows VM executing the PowerShell?
@MyDFIR 1 day ago
Yup 👍
@crowbar9566 1 day ago
When I hit tab autocomplete I got a different command, so I typed it out in full. Also, I don't get those pink screens when the downloads complete. Why's that? Also, after the 2nd reboot I still got the fatal error 'the group vboxsf does not exist'. How do I make vboxsf exist?? I have no idea where I went wrong, because I'm pausing the video and following along at every step.
@MyDFIR 3 hours ago
You could try using wget to download Splunk onto your virtual machine. Since I am unable to see your configuration, it is quite tough to troubleshoot. Worst case, restart from scratch.
@simhawk3986 1 day ago
I was having trouble pulling up the same info. I am logged into Wazuh, but I see you're on the Modules and Security Events tab. I could not seem to find that exact area in Wazuh.
@MyDFIR 1 day ago
Wazuh did update their GUI sometime this month with the new version, 4.8.
2 days ago
Do you recommend the CCD from CyberDefenders, or should I go for Blue Team Level 1 (BTL1) instead, since CCD seems more expensive?
@MyDFIR 2 days ago
Great question. I say if you’re in the position to purchase CCD, I would recommend it, but if budgets are tight, go for the CDSA SOC path and then a TryHackMe or LetsDefend subscription 👍
@chamaragunasena6437 2 days ago
Awesome! Keep up the good work 👌❤
@MyDFIR 2 days ago
Thank you! 😄
@mhsg 2 days ago
Hello man, I'm trying to install TheHive, but I am getting "Reading package lists... Done Building dependency tree... Done Reading state information... Done E: Unable to locate package thehive".
@mhsg 2 days ago
Also, can I install TheHive in a different way? I.e., following their installation guide?
@MyDFIR 2 days ago
Yeah, you can try following their install guide.
@mhsg 2 days ago
@MyDFIR I've just tried the official guide and it worked. Thanks.
@Valid_tech_official 2 days ago
Good information, bro.
@MyDFIR 2 days ago
Thank you so much 🙂
@felipepxavier 2 days ago
After adding "/usr/local/etc/rules/pulledpork.rules" to the ips module in "snort.lua", Snort was not able to load the rules, even with the option "--plugin-path /usr/local/etc/so_rules/". I got 282 errors like "ERROR: /usr/local/etc/rules/pulledpork.rules:9789 SO rule 49615 not loaded." It worked fine with the local rule we created first. Any idea why? Thanks!
@Just_A_Tech.._ 2 days ago
🤝
@olayinkaojo8828 2 days ago
Please can you help me with installing Snort 3 on Ubuntu 24.04? I am currently in the thesis phase of my study and need Snort. The error I am receiving is at the installation of the prerequisites phase: "E: unable to locate package zlib1g-dev", and also libtool and libmnl-dev. Thanks.
@MyDFIR 2 days ago
Do double check your spelling for those packages.
@olayinkaojo8828 2 days ago
Hi MyDFIR. This tutorial is a master class, especially for Snort 3! Simple, straightforward, and strong. Thanks.
@MyDFIR 2 days ago
Thank you for watching ❤️
@udaypandra6087 3 days ago
Bro, I have made this project my capstone project and need some clarifications. Can I connect with you for a few minutes by any chance?
@MyDFIR 3 days ago
You can DM me on my Instagram/X.
@crowbar9566 3 days ago
Thank you
@MyDFIR 3 days ago
Thanks for watching ❤️
@tariqzadjali9961 4 days ago
What about the Middle East in general if you're entry level?
@MyDFIR 3 days ago
Unfortunately I cannot speak to the Middle East :( I would research the average salary to get a realistic range.
@tariqzadjali9961 4 days ago
Thanks man, I really appreciate it. I just wanted to ask if we can also link beginner guided projects from Coursera to our portfolio as well, you know, for landing an internship role, as I am still a university student.
@MyDFIR 3 days ago
Absolutely 👍
@MrMexz 4 days ago
Thank you
@MyDFIR 3 days ago
You're welcome!
@mapletech_22 4 days ago
This is great ❤❤🎉
@romancancode 4 days ago
Well done man, this is awesome 👏
@MyDFIR 3 days ago
Thank you! Cheers!
@franklinmccullough85 4 days ago
I can't wait to get this up and running at home!
@MyDFIR 3 days ago
Can’t wait for you to build it out! Feel free to tag me on LinkedIn (@MyDFIR) if you end up documenting it.
@ajayiosahontv 4 days ago
You're a G.O.A.T. Thank you for the amazing work. I'm in the process of setting up my home lab. I want to change my Wi-Fi network to Ethernet before I continue with Part 3, or do you think it's advisable to continue setting it up with a Wi-Fi network? Should I just switch to an Ethernet cable instead?
@MyDFIR 3 days ago
Thanks! Either works; I would do it via Ethernet if possible, just because it's more “reliable”.
@hensolo8825 4 days ago
I ran into an error when I ran sudo netplan apply: "Openvswitch is not running". So I fixed it by running sudo apt-get install openvswitch-switch-dpdk.
@MyDFIR 4 days ago
Great job on fixing that 👏👏
@yehyamneimne 5 days ago
Where can I apply for SOC? I have done a lot of CTFs on THM and reached the top 1%.
@MyDFIR 4 days ago
I personally look for positions on LinkedIn/Indeed as my go-to source.
@crowbar9566 6 days ago
I'm following along today. What's the best way to document this? I want to include this on my CV. Thanks for all your hard work MyDFIR, I really appreciate it - Matt from UK
@MyDFIR 5 days ago
Here is a video I created to help you think about the structure when it comes to documenting: Create a Cybersecurity Portfolio on Github (GUIDE) kzfaq.info/get/bejne/pptpdZB6m53dlmw.html
@crowbar9566 4 days ago
@MyDFIR Thanks man, appreciate this. Also, when I started the Splunk machine it caused everything to run slow and nothing worked, even though I knocked it down to 6 GB. My PC has 250 GB plus 1 TB storage, i7 Dell. I think I will need to knock it right down for all this to work.
@tonyrandell7630 6 days ago
Thanks for this video bud, I need to check some software I purchased which showed malware on my Mac and PC 👍
@MyDFIR 5 days ago
Anytime! Hopefully the software isn’t actually malware 😅
@tonyrandell7630 5 days ago
@MyDFIR I think it is, as it’s messed up my PC. It’s hard to get to the sites and check.
@Just_A_Tech.._ 6 days ago
💓👌🤝👌💓
@MyDFIR 5 days ago
❤️❤️
@Okdoky12345 6 days ago
You're the best, thank you! In general, is this something that you suggest uploading to GitHub, for example?
@MyDFIR 6 days ago
No, this is something you can talk about during an interview when you are asked about phishing/email investigations.
@Bchicken2 6 days ago
Appreciate the content!
@MyDFIR 6 days ago
Thanks for watching!
@mapletech_22 6 days ago
Great stuff 👏 👍 👌 🙌
@MyDFIR 6 days ago
Thank you! Cheers!❤
@ahammedmashhood4916 6 days ago
Is there a chance this is used as a persistence mechanism?
@MyDFIR 6 days ago
Are you talking about the agent itself? Or what exactly are you referring to as being used as a persistence mechanism?
@ahammedmashhood4916 6 days ago
@MyDFIR I mean if an attacker puts an agent on a victim machine and connects it to their account, they can potentially get a console and exfil method that doesn't expire.
@MyDFIR 6 days ago
@ahammedmashhood4916 Yeah, it is quite possible. In fact, many tools nowadays have the capability to do that as well; RMM in particular comes to mind.
@irocz5150 6 days ago
Great video!!!
@MyDFIR 6 days ago
Thanks for watching!
@HaitianS3nsati0n 6 days ago
Thank you, that's all I gotta say.
@derricktnt 6 days ago
In addition, the old PC I want to use for a firewall should be standalone with VirtualBox and with pfSense loaded virtually. And must it be hardwired, or can it be wireless?
@MyDFIR 6 days ago
If you want to dedicate your old PC as a firewall and go the VirtualBox route rather than installing the image directly onto your PC, you'll need to make sure your network adapter is set to bridged mode. Both wireless/wired should be fine; however, if you plan to keep the firewall up and running all the time, I would opt for a wired connection.
@derricktnt 6 days ago
I'm trying to download a Windows 11 ISO for use in the virtual environment. Do I need to be logged into Microsoft to be successful?
@MyDFIR 6 days ago
I don't believe you need to be logged in, but I could be wrong here.
@cyb3rk1ll3rz 6 days ago
Really appreciate the effort you are putting into these vids, Steven. Personally, I have both CDSA and CCD, and I think CDSA is quite practical and nice, but CCD definitely packs more than any training I've ever seen. They kinda nailed it. Don't get me wrong, CDSA is good and the labs are fun, but content-wise, I think CCD is more "complete."
@MyDFIR 6 days ago
Absolutely agreed 👍 CCD is worth it from what I've heard and is something I would always recommend; however, being 800 is quite difficult for some, thus CDSA is quite a great alternative! But regardless of choice, both are amazing.
@johnny31415 5 days ago
Other than money, what is the big difference between CCD and CDSA? I don't understand what you mean by "CCD is more complete".
@MoeMoe-p6t 6 days ago
Cool video Steven, and congrats on launching your course! As someone with experience in both the field and teaching, would you recommend CCD from CyberDefenders? I heard a lot of folks saying it's the rising star of blue team rn.
@repman597 6 days ago
How does the course compare to the CyberDefenders CCD?
@MyDFIR 6 days ago
Great question: It really depends on what teaching style you prefer. CCD has browser-based labs, which is a bonus for those who don’t have enough resources to spin up their own stuff. My course does not have browser labs; instead, I have students build everything. Regardless of choice, you can’t go wrong with either!
@repman597 6 days ago
How does the course compare to the CyberDefenders CCD?
@MyDFIR 6 days ago
Both are pretty good, but it really depends on your budget. If you can afford CCD, go for that. If you can't, go for CDSA. They'll teach you similar stuff; just know that regardless of choice, you'll need to do additional learning to make sure you understand the concepts and fill in the gaps that are missing.
@anldemir7565 6 days ago
Things are not hard if taught correctly. Thank you so much, those were too confusing to me before this video.
@MyDFIR 6 days ago
Glad it was helpful! I have a lot more of these videos on my channel. Feel free to take a look 💪
@crowbar9566 6 days ago
Tenable Nessus is NOT free. It’s crazy expensive.
@MyDFIR 6 days ago
There is an “Essentials” version (free) that you can use as practice. Definitely missing a lot of features compared to the paid one, but still an option.
@DAREuDARE 7 days ago
Could we use another server? And which? Cause since May, it looks like there's a bug interfering with the server.... Most people just can't "connect the Ubuntu Splunk server to the internet". I've been trying for days, but to no avail.
@MyDFIR 7 days ago
If I misunderstood your question, please correct me! Using another server wouldn’t solve the problem of being unable to connect to the internet. What happens if you ping google.com?
@DAREuDARE 6 days ago
@MyDFIR And this keeps happening after sudo netplan apply: "response warning root: cannot call Open vSwitch: ovsdb-server.service is not running."
@jocelynb8935 7 days ago
Great info. I need to create a profile and set up a lab.... I will be following you and watching your videos, as they are informative and easy to understand and follow. Mahalo for all of your help.
@MyDFIR 7 days ago
Wonderful! I am happy to hear that, and let me know if you have any questions.
@ibrahimatta3624 7 days ago
Hi, new to the channel. I am interested in SOC analysis and I am transitioning from data analysis.
@MyDFIR 7 days ago
Welcome aboard! If you're interested in becoming a SOC analyst, I would recommend you check out my 2024 SOC Roadmap on my channel to help guide you.