Cyber Incident Response with Splunk | TryHackMe Incident Handling with Splunk

  • Published: 10 Nov 2022
  • In this video walkthrough, we covered responding to a cyber incident using Splunk to analyze the related events and uncover the attack artifacts.
    ******
    Receive Cyber Security Field Notes, Certification Notes and Special Training Videos
    / @motasemhamdan
    Writeup
    motasem-notes.net/cyber-incid...
    *******
    Splunk Training Playlist
    • Investigating Cerber R...
    ********
    LinkedIn
    [1]: / motasem-hamdan-7673289b
    [2]: / motasem-eldad-ha-bb424...
    Instagram
    / dev.stuxnet
    Twitter
    / manmotasem
    Facebook
    / motasemhamdantty
    ******

Comments • 33

  • @johnvardy9559
    @johnvardy9559 3 months ago

    great work!

  • @kazimtalibov3877
    @kazimtalibov3877 11 months ago +2

    Good day! Thanks for the video! How did you upload the data? Which data? Where did you get it? Thanks.

  • @tonyfernandes216
    @tonyfernandes216 1 year ago +2

    You are simply the Best.

    • @albuandrei2005
      @albuandrei2005 1 month ago

      I read that in Tina Turner's voice :P

  • @sehlibuilder6759
    @sehlibuilder6759 1 year ago +2

    Thanks! Informative content!
    Could you please share your notes with us so that we can use them during THM trainings?

    • @MotasemHamdan
      @MotasemHamdan  1 year ago +2

      Hello, notes are part of channel membership tier 2.
      Details:
      motasem-notes.net/cyber-security-field-notes/

  • @EmmanuelAwuzie
    @EmmanuelAwuzie 10 months ago +1

    Hello Motasem, I noticed you have a notes library with rich information. I need those; can I buy them from you?

  • @Joyrolliiii
    @Joyrolliiii 7 months ago

    Hi, I understand IP 40.80.148.42 has more logs, so basically it could be an attacker. However, how did you find out / why could you be sure that this IP was the attacker by looking at the field? I'm looking at it but don't know what the specific things are that I need to look for. Thank you for your video lecture, it really helps me a lot.
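
The question above (which field tells you that the noisy IP is actually the attacker, rather than just the busiest client) is the usual triage step: count events per source, then pivot on what the top source actually sent. As an added example, not code from the video, the TryHackMe room or Splunk, the Python below runs that triage over constructed HTTP events. The field names (src_ip, dest_ip, uri, status, http_user_agent) are assumed to mirror Splunk's stream:http sourcetype, the address 40.80.148.42 is the one named in the comment, and "acunetix" is the scanner marker discussed elsewhere in this thread; the events themselves are made up.

```python
"""Triage HTTP events by source IP: volume, scanner User-Agent, error ratio.

Added example, not from the video or the THM room. Events are constructed
JSON lines resembling Splunk stream:http fields (field names are an
assumption); 40.80.148.42 comes from the comment, "acunetix" from the thread.
"""
import json
from collections import Counter, defaultdict

# Assumption: substrings that identify common web vulnerability scanners in a UA.
SCANNER_MARKERS = ("acunetix", "nikto", "sqlmap")

# Constructed sample events (newline-delimited JSON), not real BOTSv1 data.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"src_ip": "40.80.148.42", "dest_ip": "10.0.0.5", "uri": "/admin/", "status": 404,
     "http_user_agent": "Mozilla/5.0 (compatible; Acunetix)"},
    {"src_ip": "40.80.148.42", "dest_ip": "10.0.0.5", "uri": "/login.php?id=1'", "status": 500,
     "http_user_agent": "Mozilla/5.0 (compatible; Acunetix)"},
    {"src_ip": "40.80.148.42", "dest_ip": "10.0.0.5", "uri": "/backup.zip", "status": 404,
     "http_user_agent": "Mozilla/5.0 (compatible; Acunetix)"},
    {"src_ip": "40.80.148.42", "dest_ip": "10.0.0.5", "uri": "/.git/config", "status": 403,
     "http_user_agent": "Mozilla/5.0 (compatible; Acunetix)"},
    {"src_ip": "203.0.113.9", "dest_ip": "10.0.0.5", "uri": "/", "status": 200,
     "http_user_agent": "Mozilla/5.0 (Windows NT 10.0) Firefox/105.0"},
    {"src_ip": "203.0.113.9", "dest_ip": "10.0.0.5", "uri": "/about.html", "status": 200,
     "http_user_agent": "Mozilla/5.0 (Windows NT 10.0) Firefox/105.0"},
    {"src_ip": "198.51.100.7", "dest_ip": "10.0.0.5", "uri": "/", "status": 200,
     "http_user_agent": "Mozilla/5.0 (Macintosh) Safari/605.1"},
])


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage_by_src_ip(events):
    """Return rows (src_ip, count, error_ratio, scanner_markers), busiest first.

    Volume (the `stats count by src_ip` step) only says who is noisy; the
    scanner User-Agent and the share of 4xx/5xx responses are what separate
    a vulnerability scan from a legitimate crawler or a busy real user.
    """
    counts = Counter()
    errors = Counter()
    markers = defaultdict(set)
    for ev in events:
        ip = ev["src_ip"]
        counts[ip] += 1
        if int(ev.get("status", 0)) >= 400:
            errors[ip] += 1
        ua = ev.get("http_user_agent", "").lower()
        for marker in SCANNER_MARKERS:
            if marker in ua:
                markers[ip].add(marker)
    return [(ip, n, round(errors[ip] / n, 2), sorted(markers[ip]))
            for ip, n in counts.most_common()]


def likely_scanners(events):
    """IPs whose User-Agent carried a scanner marker, ordered by volume."""
    return [ip for ip, _, _, marks in triage_by_src_ip(events) if marks]


if __name__ == "__main__":
    for ip, n, err, marks in triage_by_src_ip(parse_events(SAMPLE_EVENTS)):
        print(f"{ip:16} count={n:<3} error_ratio={err:<5} scanner={','.join(marks) or '-'}")
```

In Splunk the same two steps are a volume search (along the lines of `index=botsv1 sourcetype=stream:http | stats count by src_ip | sort - count`) followed by a pivot on the top talker (`... src_ip=40.80.148.42 | stats count by http_user_agent, status`); the sourcetype and field names are assumptions about the dataset, so check them against the field sidebar. The point of the pivot is that a high count alone is not evidence of attack: the User-Agent naming a scanner and the run of 403/404/500 responses against paths that do not exist are what turn "busy client" into "scanner".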

  • @muhammadrazahayder7264
    @muhammadrazahayder7264 1 year ago

    Can I have your notes, if you deem it appropriate? Please. It seems the ultimate sheet for any analyst.

  • @Gamer16232
    @Gamer16232 1 year ago +8

    If we're new to this, how are we supposed to know Acunetix is a vulnerability scanner? Remember most people here are trying to learn from scratch. I feel like this would be better if you went in with the mindset that you're a noobie. Just my opinion.

    • @CreepyGRC
      @CreepyGRC 1 year ago +2

      Mostly you apply OSINT as you continue to learn. Everything started foggy for me until I was able to piece everything together, and that's the challenge. TryHackMe and other platforms provide the leverage to piece them together compared to enrolling in courses.

    • 1 year ago +2

      I was doing this on my own when I was looking for the web host, and since I wasn't sure I looked it up on Google. Whenever the information isn't handed to you, you should Google it. OSINT is a big part of security operations.

    • @vz7742
      @vz7742 1 year ago +1

      It's a typical shitty THM room in which they don't explain the majority of stuff. I'm switching to HTB Academy on the first of July.

  • @martinbaran6439
    @martinbaran6439 3 months ago

    You said the attackers leveraged a vulnerability to gain access to the web server, but that's not true; the attacker actually brute-forced his way in for the initial entry.

  • @liebermen2369
    @liebermen2369 1 month ago

    34:00 For some reason my hash value for the first log was different, and the hash value of the third log turned out to be the correct answer. Writing this comment here in case someone else gets this problem.

  • @johnvardy9559
    @johnvardy9559 3 months ago

    32:26 You clicked on event 1. Why did you click this one and not event 7? What is the mindset, do we have to investigate all of these events? Why did you choose this one?

  • @Nasserr2
    @Nasserr2 9 months ago +1

    Is there a way we can get your notes? They seem very good. Also, what note app is that?

    • @MotasemHamdan
      @MotasemHamdan  9 months ago

      Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
      ruclips.net/channel/UCNSdU_1ehXtGclimTVckHmQjoin
      Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
      motasem-notes.net/

  • @wazibabor3854
    @wazibabor3854 11 months ago

    Hello Sir, can you train us on Cyber Incident Response with Splunk in real-world cases with projects?

  • @deonmarfo9878
    @deonmarfo9878 8 months ago

    Thank you! Is there any way you can share your notes?

    • @MotasemHamdan
      @MotasemHamdan  8 months ago

      Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
      ruclips.net/channel/UCNSdU_1ehXtGclimTVckHmQjoin
      Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
      motasem-notes.net/

  • @CreepyGRC
    @CreepyGRC 1 year ago +2

    Is this the reason why organizations prefer the ELK stack, because Splunk is harder to query? Haha. Do you know other query tools, Motasem, aside from Sigma? Would love to hear your suggestions. :D

    • @MotasemHamdan
      @MotasemHamdan  1 year ago +2

      Brim is a great tool to analyze network packet captures and works based on queries.

  • @kevingardocki
    @kevingardocki 1 year ago

    When I put in index=botsv1, no events are popping up. Is there a step in the beginning I'm missing?

    • @MotasemHamdan
      @MotasemHamdan  1 year ago +1

      Did you try index=* ?

    • @kevingardocki
      @kevingardocki 1 year ago

      @MotasemHamdan Yes, that as well. Are you putting in data sets? I tried index="botsv1".
      I wonder if anything changed with the values.

    • @user-if6ul2yg3g
      @user-if6ul2yg3g 1 year ago

      @kevingardocki Try changing Smart mode to Verbose mode, and the time setting from "Last 24 hours" to "All time". You can find them in the right part of the page.

    • @hidden9495
      @hidden9495 1 year ago

      What about the time period? Changing it to "All time" might help.

    • @CertifiedOtherBoy-cn7pg
      @CertifiedOtherBoy-cn7pg 11 months ago

      @@hidden9495 That's what it was for me. Changing to All Time did the trick.