Hello 👋

Hi there! This is my personal blog where I write primarily about cybersecurity, OSINT, and practical cybersecurity problem-solving. The site is a place for detailed walkthroughs of CTFs, malware analysis, and OSINT challenges. You can read how I break down my exact thought process, tools, and mistakes along the way.

CTF Writeup: Web Investigation Lab

Examine network traffic with Wireshark to investigate a web server compromise, identify SQL injection, extract attacker credentials, and detect uploaded malware. Introduction I want to focus on my Wireshark skills a lot more in the coming months. I have a lot of experience with Microsoft’s KQL and using that to dig through network traffic, but that only happens after the traffic has already come through a SIEM or EDR tool. I’d like to know how to analyze network traffic from the ground up, so you’ll be seeing a lot more Wireshark in the future! ...

February 10, 2026 · 10 min · 2028 words · Ligniform

CTF Writeup: DanaBot Lab

Analyze network traffic using Wireshark to identify DanaBot initial access, deobfuscate malicious JavaScript, and extract IOCs like IPs, file hashes, and execution processes. Introduction Back to CyberDefenders yet again! A lot of my recent posts have been focused more on Threat Intel. Threat Intel is great to have in the back of your mind as something you may need to do. Attribution is important if you’re a Threat Hunter/Researcher, but if you’re a SOC Analyst then it’s not very likely that you’ll be collating every indicator from an alert; it’s much more likely that you’ll pick up an alert, investigate it, close it, and move on to the next five alerts that have come into your SIEM in the time it took. ...

February 3, 2026 · 8 min · 1539 words · Ligniform

CTF Writeup: IcedID Lab

Investigate IcedID malware using VirusTotal and threat intelligence platforms to identify IOCs, associated threat actors, and execution mechanisms. Introduction The CyberDefenders IcedID challenge is another Easy challenge. This challenge room is another threat intel focused room, so we’ll likely be using any.run, Recorded Future’s Tria.ge platform, and probably VirusTotal as well. Here’s the introduction to the challenge: A cyber threat group was identified for initiating widespread phishing campaigns to distribute further malicious payloads. The most frequently encountered payloads were IcedID. You have been given a hash of an IcedID sample to analyze and monitor the activities of this advanced persistent threat (APT) group. ...

January 27, 2026 · 7 min · 1312 words · Ligniform

CTF Writeup: Snapped Phish-ing Line

Apply learned skills to probe malicious emails and URLs, exposing a vast phishing campaign. Introduction It’s been a while since I’ve done a TryHackMe write-up. Initially this was all I ever wrote posts on, until I looked to some other platforms. We’re back today! Time for more phishing analysis in today’s challenge: Snapped Phish-ing Line. We get quite a bit of an introduction to this room. Let’s go through it: As an IT department personnel of SwiftSpend Financial, one of your responsibilities is to support your fellow employees with their technical concerns. While everything seemed ordinary and mundane, this gradually changed when several employees from various departments started reporting an unusual email they had received. Unfortunately, some had already submitted their credentials and could no longer log in. ...

January 20, 2026 · 13 min · 2632 words · Ligniform

CTF Writeup: Red Stealer

Analyze a suspicious executable using VirusTotal and MalwareBazaar to extract IOCs, identify C2 infrastructure, MITRE ATT&CK techniques, and privilege escalation mechanisms. Introduction Another Threat Intel focused lab for today: the Red Stealer lab, available through CyberDefenders. You are part of the Threat Intelligence team in the SOC (Security Operations Center). An executable file has been discovered on a colleague’s computer, and it’s suspected to be linked to a Command and Control (C2) server, indicating a potential malware infection. Your task is to investigate this executable by analyzing its hash. The goal is to gather and analyze data beneficial to other SOC members, including the Incident Response team, to respond to this suspicious behavior efficiently. ...

January 14, 2026 · 7 min · 1409 words · Ligniform