📄️ 1. Incident Handling Process
Incident Handling Process
📄️ 2. Introduction To The Elastic Stack
What Is The Elastic Stack?
📄️ 3. Windows Event Logs
Windows Event Logging Basics
📄️ 4. Analyzing Evil With Sysmon & Event Logs
In our pursuit of robust cybersecurity, it is crucial to understand how to identify and analyze malicious events effectively.
📄️ 5. Event Tracing for Windows (ETW)
In the realm of effective threat detection and incident response, we often find ourselves relying on the limited log data at our disposal. However, this approach falls short of fully harnessing the immense wealth of information that can be derived from the powerful resource known as Event Tracing for Windows (ETW). Unfortunately, this oversight can be attributed to a lack of awareness and appreciation for the comprehensive and intricate insights that ETW can offer.
📄️ 6. Tapping Into ETW
Detection Example 1: Detecting Strange Parent-Child Relationships
📄️ 7. Get-WinEvent
Understanding the importance of mass analysis of Windows Event Logs and Sysmon logs is pivotal in the realm of cybersecurity, especially in Incident Response (IR) and threat hunting scenarios. These logs hold invaluable information about the state of your systems, user activities, potential threats, system changes, and troubleshooting information. However, these logs can also be voluminous and unwieldy. For large-scale organizations, it's not uncommon to generate millions of logs each day. Hence, to distill useful information from these logs, we require efficient tools and techniques to analyze these logs en masse.
📄️ 8. Windows Event Logs & Finding Evil - Skills Assessment
To keep you sharp, your SOC manager has assigned you the task of analyzing older attack logs and providing answers to specific questions.
📄️ 9. Threat Hunting Fundamentals
The median duration between an actual security breach and its detection, otherwise termed "dwell time", is usually several weeks, if not months. This implies a potential adversarial presence within a network for a span approaching three weeks, a duration that can be significantly impactful.
📄️ 10. The Threat Hunting Process
- Setting the Stage
📄️ 11. Threat Hunting Glossary
Within the domain of cybersecurity and threat hunting, several crucial terms and concepts play a pivotal role. Here's an enriched understanding of these:
📄️ 12. Threat Intelligence Fundamentals
Cyber Threat Intelligence Definition
📄️ 13. Hunting For Stuxbot
Threat Intelligence Report: Stuxbot
📄️ 14. Hunting For Stuxbot (Round 2) - Skills Assessment
Recently uncovered details shed light on the operational strategy of Stuxbot's newest iteration.
📄️ 15. Introduction To Splunk & SPL
What Is Splunk?
📄️ 16. Using Splunk Applications
Splunk Applications
📄️ 17. Intrusion Detection With Splunk (Real-world Scenario)
📄️ 18. Detecting Attacker Behavior With Splunk Based On TTPs
📄️ 19. Detecting Attacker Behavior With Splunk Based On Analytics
As previously mentioned, the second approach leans heavily on statistical analysis and anomaly detection to identify abnormal behavior. By profiling normal behavior and identifying deviations from this baseline, we can uncover suspicious activities that may signify an intrusion. These statistical detection models, although driven by data, are invariably shaped by the broader understanding of attacker techniques, tactics, and procedures (TTPs).
📄️ 20. Understanding Log Sources & Investigating with Splunk - Skills Assessment
Scenario
📄️ 21. Windows Attacks & Defense
Windows-Attacks-and-Defense
📄️ 22. Kerberoasting
Description
📄️ 23. AS-REProasting
Description
📄️ 24. GPP Passwords
Description
📄️ 25. GPO Permissions / GPO Files
Description
📄️ 26. Credentials in Shares
Description
📄️ 27. Credentials in Object Properties
Description
📄️ 28. DCSync
Description
📄️ 29. Golden Ticket
Description
📄️ 30. Kerberos Constrained Delegation
Description
📄️ 31. Print Spooler & NTLM Relaying
Description
📄️ 32. Coercing Attacks & Unconstrained Delegation
Description
📄️ 33. Object ACLs
Description
📄️ 34. PKI - ESC1
Description
📄️ 35. Windows Attacks & Defense - Skills Assessment
Description