LetsDefend-SOC-164- Suspicious Mshta Behavior
We have a new alert regarding a low-reputation hta file executed via mshta.exe.
Sep 2

LetsDefend- SOC142 — Multiple HTTP 500 Response
In this alert we have a problem related to the HTTP response status.
Apr 19, 2023

Unpacking the Power of Intelligence-Driven Incident Response: Lessons from Scott J.
What is the book about?
Feb 28, 2023

LetsDefend-SOC163 — Suspicious Certutil.exe Usage
Certutil.exe is a command-line program intended by Microsoft to dump and view certificate authority (CA) configuration information…
Jan 17, 2023

ATT&CK for Cyber Threat Intelligence Training — Module 3: Mapping to ATT&CK from raw data
In this course we have the opportunity not only to study what ATT&CK is but also to test ourselves through practical exercises.
Dec 13, 2022

LetsDefend- SOC112 — Traffic to Blacklisted IP
IP blacklisting is a technique for preventing fraudulent or unauthorized IP addresses from connecting to your networks. Blacklists are…
Nov 23, 2022

LetsDefend- SOC 175- PowerShell Found in Requested URL-Microsoft Exchange Server…
In early August, the GTSC SOC team (Vietnamese company) discovered two new vulnerabilities that were reported to the Zero-day Initiative…
Oct 18, 2022

SOC167 — LS Command Detected in Requested URL — Letsdefend.io
In this case we have a suspected web attack; the information available for our analysis is outlined below:
Oct 1, 2022

Browser fingerprinting and “Cover Your Tracks” Project
What is Browser fingerprinting?
Sep 3, 2022

Metasploit: Exploitation Walkthrough TryHackMe
The Metasploit Project is a computer security initiative that aids penetration testing and gives information on security flaws.
Aug 4, 2022