Welcome🖐

Refer to Friday Overtime for the challenge room on TryHackMe Scenario On a Friday evening at PandaProbe Intelligence, a notification on the CTI platform indicates a new ticket from SwiftSpend Finance, raising concerns about potential malware threats. Despite it being the weekend, immediate attention is required due to the seriousness... [Read More]

Refer to Zeek Exercises for the challenge room on TryHackMe Case #1 - Anomalous DNS Scenario An alert triggered: "Anomalous DNS Activity". Inspect the PCAP and retrieve the artefacts to confirm this alert is a true positive. Task During this exercise, we will use the Zeek command with the -Cr... [Read More]

Refer to Live Attacks for the challenge room on TryHackMe Scenario #1, Brute-force The company is under the brute-force attack, observe the traffic with Snort and identify the anomaly first. Then creating a rule to stop the attack. Start Snort in sniffer mode and figure out the attack source, service... [Read More]

Refer to The Basics for the challenge room on TryHackMe Writing IDS Rules (HTTP) Write a single rule to detect "all TCP port 80 traffic" packets in the given pcap file. Number of detected packets?Since the question pertains to HTTP traffic (TCP port 80), the rule should specify tcp port... [Read More]

This is a demo post to show you how to write blog posts with markdown. I strongly encourage you to take 5 minutes to learn how to write in markdown - it’ll teach you how to transform regular text into bold/italics/tables/etc.I also encourage you to look at the code that... [Read More]