LetsDefend
  • 164 videos
  • 408 727 views
SOC Analyst Interview Questions
0:00 Intro
0:18 What is a SOC analyst?
0:57 Understand the role you have applied for
1:33 What is a SOC and why is it important?
2:05 Primary responsibilities of a SOC analyst
2:34 What is a specific incident you have responded to?
3:24 Analyze data to identify threats
4:28 Learn more about becoming a SOC analyst with Let's Defend.
4:57 Security Tools and technology
5:38 SOC analyst challenges.
6:26 Risk, Vulnerability, Threats
7:21 Risk Assessment with Let's Defend
7:39 Outro
We covered the most popular SOC Analyst interview questions and answers in this video.
You can find more interview questions and answers in this blog post: www.letsdefend.io/pdf/popular-soc-analyst-interview-questions
SOC Anal...
Views: 2 652

Videos

Incident Responder Interview Questions and Answers
7K views, 4 months ago
0:00 Intro
0:21 Preparation
1:37 What is an incident?
2:14 Can you explain the Incident Response life cycle and its key phases?
2:41 What are the common sources of incident alerts?
2:51 What are the common indicators of a security incident?
3:02 Define the term "indicators of compromise"
3:23 Proactive and reactive incident response strategies
3:45 Root cause analysis
4:00 LetsDefend
4:28 Incid...
Cybersecurity Quiz Event #3
274 views, 7 months ago
Welcome to the 'LetsTalk Blue Team' presented by LetsDefend, where we explore the cutting-edge practices in blue teaming. Whether you're an IT professional, cybersecurity enthusiast, or an expert, this series is tailored to equip you with the knowledge and tools you need. Join us as we dive deep into the dynamic world of defensive security, discuss the latest threats and trends, and empower you...
LetsTalk Blue Team #2: Threat Hunting
530 views, 11 months ago
Cybersecurity Quiz Event #1
376 views, 11 months ago
LetsTalk Blue Team #1: Fireside Chat
287 views, 1 year ago
Upskill yourself as cybersecurity expert - Learner story
832 views, 1 year ago
Detectin Engineering
327 views, 1 year ago
More Details About Document File Analysis 2
7K views, 1 year ago
More Details About Document File Analysis 1
8K views, 1 year ago
Analysis with Sandboxes
7K views, 1 year ago
Static Malicious Document Analysis
12K views, 1 year ago
Introduction to Malicious Document File Analysis
10K views, 1 year ago
Alternative Avengers scenario for cybersecurity
412 views, 1 year ago
How to create a Incident Response Plan?
890 views, 1 year ago
Red team vs Blue team: What is the difference?
466 views, 1 year ago
Malware Traffic Analysis with Wireshark - 1
15K views, 1 year ago
Malware Traffic Analysis with Wireshark - 2
8K views, 1 year ago
Configuring the Wireshark for Malware Traffic Analysis
9K views, 1 year ago
Installing The Wireshark
6K views, 1 year ago
Dynamic Malware Analysis
24K views, 1 year ago
Static Malware Analysis Fundamentals
23K views, 1 year ago
Flare-VM Installation
35K views, 1 year ago
Configuring Virtual Machine
12K views, 1 year ago
Installing VirtualBox
9K views, 1 year ago
Introduction to Malware Analysis Lab
14K views, 1 year ago
Getting Started to become a SOC Analyst
520 views, 1 year ago
How to get a SOC Analyst job?
1.9K views, 1 year ago
Web Application Security Career
348 views, 2 years ago

Comments

  • @koko8581, 2 days ago

    Great, great video, but does anyone have the same sample he is working on? Because LetsDefend now isn't letting you download the sample; you work in their environment. I searched on MalwareBazaar with the hash and could not find any.

  • @zakaullahawan3882, 5 days ago

    What a waste of time. This lady knows nothing.

  • @caseyrivera2765, 13 days ago

    It's funny because you'll most likely get a job as a blue teamer.

  • @alphacentauri8035, 17 days ago

    Hope I can edit myself when answering live.

  • @lyquockhanhly6319, 18 days ago

    Good

  • @ucheemmanuel8466, 19 days ago

    Thank you for this great content

  • @StanleyMathews-v3w, 28 days ago

    This is pointless without the files. SMH

  • @toukio_, 1 month ago

    Thank you! This video cleared some of the things and procedures I don't understand about static malware analysis.

  • @CandelGaming, 1 month ago

    I tried to search a URL given in the SOC Fundamentals course but it doesn't show any result. Kindly resolve this search problem.

  • @sesti_thepluginni, 1 month ago

    1:14 Woow, So Amazing! [TheDarkPoopVadeee] 🎉

  • @guc9ugjvobovov526, 1 month ago

    Let's alert!

  • @ogunsolamichael7438, 1 month ago

    After installing Flare my wallpaper didn't change. What did I do wrong?

  • @schoolKit22, 1 month ago

    onederful

  • @vilpario, 1 month ago

    This is a quality video.

  • @MdIftekharKazi, 1 month ago

    Weird to say, but she talks too fast. Not good when you are teaching something :3 It's hard to analyze what she is talking about.

    • @alwaysxl, 25 days ago

      Well when English isn't your first language I'd imagine it's hard to understand

  • @JosephCbell, 1 month ago

    I wish I got these questions 😭

  • @Robalo450, 1 month ago

    Look at her! Gorgeous

    • @jin6000, 1 month ago

      Try to keep focused there bud. 😂

  • @wrench2474, 1 month ago

    Loved the video❣ If I may make a recommendation, there is a little bit of constant background noise that can sometimes be distracting.

  • @GonkDLC, 1 month ago

    You are a lifesaver man, excellent vid.

  • @nulla_trust, 2 months ago

    Hello. How do I install xorsearch and olemeta on my machine?

  • @huaxi2001, 2 months ago

    Nice, thanks.

  • @leonardo47s, 2 months ago

    Only part of a piece 😂 the full course wants a VIP pass.

  • @kamilkr9654, 2 months ago

    So, use NAT when you're just on the VM, and 'host only' when you're running malware? Why not disable the network when running malware?

    • @austen2751, 1 month ago

      Depends what you're trying to accomplish

  • @selasiokyere, 2 months ago

    Blue Team is interesting and straightforward.

  • @jin6000, 2 months ago

    This was really really awesome, thank you!

  • @vikomomoney5394, 2 months ago

    Makes me want to cry, but every entity has its reason.

  • @Adivasi7777, 2 months ago

    Can't find his channel, does anyone have the direct address? Thx

  • @Friendsooo22, 3 months ago

    Where can I do these labs? Ubuntu? FlameVM?

  • @1rowellb, 3 months ago

    If Defender quarantined something that I want to analyze in a sandboxed environment, do I have to restore it?

  • @tommypham1101, 3 months ago

    Awesome content, thank you.

  • @novianindy887, 3 months ago

    scheduletask only works for admin users, right? For non-admin you can't use scheduletask.

  • @amigazo3972, 3 months ago

    The module is to create your own malware analysis virtual machine. NO malware files to download, no copy of your notes to download. Nothing available. The course itself is just a mess. Very disappointed about this module. Your explanation is very good, but without the resources seen in these videos... not a good thing.

  • @Liftheavy85, 3 months ago

    There are no answers here as to where to get the malware or the notes, so I'm going to answer it. Looks like LetsDefend didn't want to be responsible for infecting the PCs of people who don't know what they are doing, so you access the malware via a lab environment on their website.

    • @lolnowayz, 3 months ago

      It's all behind a paywall

  • @Liftheavy85, 3 months ago

    If you get a product key error on startup you need to check "skip unattended install" when setting up the VM. Otherwise it tries to install the guest OS from the beginning instead of after the OS has installed.

    • @jin6000, 2 months ago

      You are the best! Thanks!

  • @bulba888, 3 months ago

    50 sec in, already have to do troubleshooting)) classic. "windows could not read the product key virtualbox"

  • @bulba888, 3 months ago

    Working on that chapter in the LetsDefend SOC analyst path.

  • @vladymiryeeks, 3 months ago

    My favorite platform.

  • @rayb5204, 3 months ago

    Very helpful video. Thank you!

  • @raykoshko986, 4 months ago

    1. What is an incident? In general, an incident is a violation of computer security policies, acceptable use policies, or standard computer security practices. Let's go over some examples: An attacker commands a botnet to send a high volume of connection requests to one of the organization's web servers, causing a crash and denial of service. An attack like this could greatly affect a business's ability to operate. Another example is users are tricked into opening an emailed report from their company. Unfortunately, this quarterly report contains malware, and now that the user has clicked on it, there's a tool running on their computer which establishes connections to a malicious external host. This can be troublesome because now the attacker potentially has a foothold in your internal network.
    2. Can you explain the Incident Response life cycle and its key phases? Question number two: Can you explain the incident response life cycle and its key phases? The NIST incident response life cycle breaks the incident response life cycle down into four different phases. First is preparation, detection, and analysis of the incident; containment, eradication, and recovery; and finally, post-incident analysis. Cybersecurity is a field which is greatly focused on policy and frameworks, so referencing an industry-standard framework like NIST can help an employer feel confident about your capabilities.
    3. What are the common sources of incident alerts? Question number three: What are some common sources of incident alerts? Intrusion detection systems, security information and event monitoring solutions, firewalls, antivirus, and user reports.
    4. What are the common indicators of a security incident? Number four: What are some common indicators of a security incident? Common indicators include unusual network traffic patterns, unauthorized access attempts, unexpected system behavior, and, of course, malware infections.
    5. Define the term "indicators of compromise." Question number five: Define the term "indicators of compromise" and explain how they are used in incident response. Indicators of compromise are artifacts or behaviors that indicate the presence of a security incident or compromise. These can include IP addresses, domain names, file hashes, registry keys, and network traffic patterns. These are used to detect, investigate, and remediate security incidents.
    6. Proactive and reactive incident response strategies. Explain the difference between proactive and reactive incident response strategies. Proactive incident response involves implementing preventive measures and proactive monitoring to identify and mitigate risks before they escalate into an incident. Reactive incident response is responding to an incident after it's happened. These steps include detection, analysis, containment, eradication, and recovery steps.
    7. Root cause analysis. Question number seven: What is root cause analysis? Root cause analysis, sometimes referred to as RCA, is the formal effort to identify and document the root cause of an incident and then take preventive measures to ensure that the same problem does not happen again.
    8. Packet analysis. What tools would you commonly use for packet analysis? Packet analysis involves examining network packets to understand communication patterns, identify anomalies, and detect malicious activity. Tools such as Wireshark and tcpdump are commonly used to capture and analyze packets.
    9. How could you detect and block C2 communications during an incident? A command and control server is a remote server used by attackers to send commands to compromise systems and exfiltrate stolen data. Techniques for identifying and blocking C2 communications include network traffic analysis in intrusion detection and prevention systems and endpoint security controls.
    10. Event log analysis. How is event log analysis conducted to detect and respond to security incidents? Event log analysis involves establishing baseline behavior, identifying anomalies, and prioritizing alerts based on severity. Event log analysis is a crucial capability of an incident responder.
    11. Establishing a timeline. What is the importance of establishing a timeline during a digital forensics investigation? A good timeline being created during a digital forensics investigation is crucial for incident responders to understand what's going on. It helps them reconstruct the sequence of events leading up to the incident by correlating timestamps from different sources such as system logs, network traffic, and user activity. The timeline provides insight into the attacker's actions, a timeline of the incident, and affected systems. This information is invaluable for understanding the scope of the incident, identifying potential evidence, and formulating an effective response strategy.
    12. How do you acquire a forensic image of a digital device? How do you acquire a forensic image of an affected device? Discuss the best practices and tools used to preserve the integrity of the evidence. Acquiring a forensic image of an affected digital device is crucial for both a forensics investigation and incident response. Best practices include using write blocker software or hardware to prevent alterations to the original data and thus the integrity of the evidence. Tools such as EnCase, FTK Imager, and DD for Linux are all commonly used for imaging during incident response. Rapid acquisition of the forensic image allows for the preservation of volatile evidence.
    13. Explain the role of volatile data collection in digital forensics. Explain the role of volatile data collection as it pertains to digital forensics. What types of volatile data are typically collected from live systems, and how is that data used during the investigation? Volatile data collection involves capturing live system information such as running processes, network connections, open files, and system memory. In incident response, volatile data collection provides real-time insight into ongoing attacks, malware behavior, and active network connections. Analysis of volatile data helps identify malicious processes, detect unauthorized access, and gather evidence of attack or activity. By collecting volatile data promptly during the incident response, responders can capture critical evidence before it gets lost due to system shutdowns or volatile memory clearing.

  • @abduldeen4463, 4 months ago

    Password "infected" didn't work.

    • @Abayomi61, 21 days ago

      The password is infected_2015; you can get it from Archive.

  • @JumperNYC, 4 months ago

    MALDOVA!

  • @JumperNYC, 4 months ago

    This guy is too funny.

  • @jecikaroy6232, 4 months ago

    😍😍🤑🤑

  • @devidmeslar348, 4 months ago

    They are so common and helpful. Thanks for being to the point. Thanks.

  • @SaykotSk, 4 months ago

    Thanks for sharing!!

  • @Ospree100, 4 months ago

    Great questions, I’ve seen a few of these before.

  • @tailedworldbr, 4 months ago

    Great learnings!

  • @boogabooga223, 4 months ago

    It was a bit too fast 😅

    • @b3nx0, 4 months ago

      There’s a pause button

    • @boogabooga223, 4 months ago

      @b3nx0 ohh, I never knew. Thanks for letting me know 😂

    • @b3nx0, 4 months ago

      Lol

    • @muzamilahmed6868, 4 months ago

      It's like when your girlfriend sees you looking at another girl 😅

  • @Priyank_Rawat, 4 months ago

    Is it safe to connect the internet to the virtual machine while handling malware?

    • @StrangerInMorocco2023, 4 months ago

      No, it isn't safe... Don't do that..!

    • @youssefyaali6788, 2 months ago

      @StrangerInMorocco2023 what about selecting a custom (VMnet0) in network adapter settings?

  • @Priyank_Rawat, 4 months ago

    Thanks for the video bro, if you make a playlist it'll help a lot!!