Ransomware Investigation with Splunk | TryHackMe PS Eclipse
- Published: 14 Nov 2022
- In this video walk-through, we used Splunk to investigate the ransomware activity on a Windows machine. The ransomware was downloaded to the machine through PowerShell and partially encrypted the file system.
Writeup
motasem-notes.net/ransomware-...
Wonderful video.
Really helpful. Thanks 🙏🏽
Thanks! I was stuck at the end
Amazing video!
Thank you for giving us detailed insight into your methodology and thought process for this investigation.
I have learned so much from this one video!
Great video dude. I like how you teach. Keep it up!
Man loved it❤
Thanks, that was great. One question: instead of having to upload log files to Splunk for analysis, can I connect my devices to Splunk directly? Secondly, can Splunk analyze Snort log files? I’ve always seen Suricata IDS log files in most demos. Thirdly, can you do a video on Microsoft Sentinel? Thanks
Yes, you can forward your logs using Splunk Universal Forwarder.
By the way, the way I could be sure it was script.ps1 was by checking the hashes of all script files, which shows they are all distributed by Microsoft, except script.ps1, which also shows as malicious.
Definitely right, it slipped my mind.
How do I become a SOC analyst hero?
By trying :)
First bro