- Perform Port and Service Discovery using MegaPing
  Overview of Port and Service Discovery: port scanning techniques are categorized according to the type of protocol used for communication within the network. Download the MegaPing application, install and launch it, and click on I Agree. The MegaPing (Unregistered) GUI appears displaying the System Info, as shown in…
- Perform Host Discovery using Angry IP Scanner
  Angry IP Scanner is an open-source and cross-platform network scanner designed to scan IP addresses as well as ports. It simply pings each IP address to check if it is alive; then, optionally by resolving its hostname, determines the MAC address, scans ports, etc. The amount of gathered…
- Perform host discovery using Nmap
  1. Perform host discovery using Nmap. Nmap is a utility used for network discovery, network administration, and security auditing. It is also used to perform tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Here, we will use Nmap to discover a list of live…
- Snort Challenge – Live Attacks Room
  Task 1 Introduction. The room invites you to a challenge where you will investigate a series of traffic data and stop malicious activity under two different scenarios. Let’s start working with Snort to analyse live and captured traffic. Before joining this room, we suggest completing the “Snort” room. Note: There are two VMs attached to this challenge. Each…
- Sigma
  Task 1 Introduction. Detection engineering is an important role and task for a security analyst. It involves developing processes that will guide you as an analyst to identify threats before they cause any harm to an environment through the use of rules. This room will introduce you to Sigma, an open-source generic signature language…
- Threat Intelligence for SOC
  Task 1 Introduction. Is your organisation prepared to handle emerging threats like new malware IOCs or zero days? And in any case, can you determine unknown adversaries or apply known indicators from reliable sources in your Security Operations pipeline? Such questions arise when you think of the ever-going cat-and-mouse game of threat actors and security analysts…
- Tactical Detection
  Task 1 Introduction. You’re hired as a security engineer, and you want to make a good impression. You noticed that there’s a default ruleset available, and it has already been enabled. The SOC team seems to function, albeit not as efficiently as you might expect – then it dawns on you; the default rules just won’t cut it. This…
- Intro to Detection Engineering
  Task 1 Introduction. Detection engineering is an important role and task for a security analyst. It involves developing processes that will guide you as an analyst to identify threats, detect them through rules and processes, and fine-tune the process as the landscape changes. Learning Objectives. Task 2 What is Detection Engineering? Detection Engineering: Cybersecurity is growing and…
- Custom Alert Rules in Wazuh
  Task 1 Introduction. Wazuh is an open-source security detection tool that works on top of the ELK stack (Elasticsearch, Logstash, and Kibana) and is designed to identify threats using its alert rule system. This system uses rules to search for potential security threats or issues in logs from various sources,…
- Footprinting a Target using OSINT Framework
  OSINT Framework is an open-source intelligence gathering framework that helps security professionals perform automated footprinting and reconnaissance, OSINT research, and intelligence gathering. It is focused on gathering information from free tools or resources. This framework includes a simple web interface that lists various OSINT tools arranged by…