Knowing which lab to do is one thing but your detailed explanations of the topics are so helpful. Working through your project videos and adding them to my github portfolio. Keep it up!
You're very welcome! More labs to come :)
Awesome👌💓💯
Looking forward to your SOC course.
Thank you❤️
@12:33
One of those days I'll make a t-shirt saying "sort | uniq -c | sort -nr" since this is also my most used bash command sequence.
Great content as always!
😂😂that is a good idea
Good content. I’m patiently waiting for the full SOC Analyst course😊
Thanks ❤️❤️
Well-explained
Thank you ❤️
Excellent content bro
Appreciate it!
Thank you for the wonderful content. Whenever I encounter these types of challenges, especially in THM, I test a Python script to parse data. I practice that not to discourage the knowledge of log analysis, but I found that method instead, just in case there are scenarios that need to be delivered in a fast-paced environment, implementations and analysis.
A python script is a wonderful idea, in fact I would encourage it! Great job 🙌
WSL is not working on my Windows VirtualBox, so how do I open the HackTheBox file in Linux?
You could download an Ubuntu desktop VM or transfer it over from your Windows host to an Ubuntu VM.
Hi, I have just started learning SOC and my question may seem silly, but what happens if an attacker deletes log files after gaining access as a sudo user?
Not silly at all and a valid question! This is where we hope you are sending logs over to a SIEM :) If not, forensics could hopefully help by looking at other logs (if applicable) - there will always be traces left behind. Although we won't get 100%, if we can get enough evidence, we can be in a good spot.
@MyDFIR Thanks for the reply, much appreciated.
Hi, can you tell me why we took 37 as task 4's answer? The first session is 34, right? I did not understand that part. Is it because the session only lasted for a sec?
Great question, on paper the first session is indeed 34, BUT nothing was "done" within that session and it lasted only a second; thus, it was likely an automated scan of some sort. In session 37, the attacker actually did stuff, making this the session of interest.
Hey buddy,
Please, I need help with configuring Sec Onion.
Where are you stuck?
MORE
❤️ thanks for watching!
The SOC course price is too high for Indian students... Please decrease it.
You can learn from my RUclips channel👍 and the many free resources out there!
But we want the course.