🛠️ Step-by-step: Install Nessus Essentials
1. Download the Debian package
📦 Installation
⚙️ Using Cargo
By default, Windows ships with insecure legacy protocols like LLMNR and NetBIOS enabled. These protocols can leak username and password hashes over the network and are often abused by tools like Responder.
💡 This guide walks you through setting up Elasticsearch, Kibana, and Filebeat in a realistic SIEM-style environment using Ubuntu 22.04 inside a VM (e.g. VirtualBox, VMware).
BloodHound CE is the latest version, featuring a modern web interface and simplified setup using Docker.
This guide walks through a secure setup of GitHub access using a YubiKey on Windows 11, including:
Incident Handling Process
Mirage
- Setting the Stage
Within the domain of cybersecurity and threat hunting, several crucial terms and concepts play a pivotal role. Here's an enriched understanding of these:
Cyber Threat Intelligence Definition
Threat Intelligence Report: Stuxbot
Recently uncovered details shed light on the operational strategy of Stuxbot's newest iteration.
What Is Splunk?
Splunk Applications
---
As previously mentioned, the second approach leans heavily on statistical analysis and anomaly detection to identify abnormal behavior. By profiling normal behavior and identifying deviations from this baseline, we can uncover suspicious activities that may signify an intrusion. These statistical detection models, although driven by data, are invariably shaped by the broader understanding of attacker tactics, techniques, and procedures (TTPs).
✅ 1. Download Winlogbeat on your Windows machine
HTB-Cover-Fluffy
What Is The Elastic Stack?
Scenario
Windows-Attacks-and-Defense
Description
Windows Event Logging Basics
In our pursuit of robust cybersecurity, it is crucial to understand how to identify and analyze malicious events effectively.
In the realm of effective threat detection and incident response, we often find ourselves relying on the limited log data at our disposal. However, this approach falls short of fully harnessing the immense wealth of information that can be derived from the powerful resource known as Event Tracing for Windows (ETW). Unfortunately, this oversight can be attributed to a lack of awareness and appreciation for the comprehensive and intricate insights that ETW can offer.
Detection Example 1: Detecting Strange Parent-Child Relationships
Understanding the importance of mass analysis of Windows Event Logs and Sysmon logs is pivotal in the realm of cybersecurity, especially in Incident Response (IR) and threat hunting scenarios. These logs hold invaluable information about the state of your systems, user activities, potential threats, system changes, and troubleshooting information. However, these logs can also be voluminous and unwieldy. For large-scale organizations, it's not uncommon to generate millions of logs each day. Hence, to distill useful information from these logs, we require efficient tools and techniques to analyze these logs en masse.
To keep you sharp, your SOC manager has assigned you the task of analyzing older attack logs and providing answers to specific questions.
The median duration between an actual security breach and its detection, otherwise termed "dwell time", is usually several weeks, if not months. This implies a potential adversarial presence within a network for a span approaching three weeks, a duration that can be significantly impactful.
🎖️ Immersive Labs Badge
📋 Task 0 - Get Started
1. Headings
The-Hunters-Games-2025