Analyzing Cybersecurity Incidents with Zeek IDS | TryHackMe Zeek Exercises
- Published: 15 Sep 2024
- In this video walkthrough, we covered examples of analyzing cybersecurity incidents such as anomalous DNS, phishing attacks and the Log4j vulnerability using Zeek IDS. We used Zeek IDS in offline packet analysis mode, although it can also be used in live capture mode. The examples used in the video are part of the TryHackMe Zeek Exercises room, which is part of the SOC Level 1 Track.
TryHackMe Zeek Exercises
tryhackme.com/...
Writeup
motasem-notes....
Life saver. As someone that has never worked with Zeek before, except through your tutorials, it's hard to know in what fields to look. Although your explanation on how to look into each field is really useful.
For anyone doing this, make sure you look at the Hint in THM
Thank you!
THANK YOU
Is it possible to get access to your note for some commands search?
Thanks
cat dns.log | zeek-cut query | rev | cut -d '.' -f 1-2 | rev | sort | uniq, I used this to get the answer for "What is the number of unique domain queries?" for task 2