Incident Management & Monitoring
What are the best books for beginners on Incident Management & Monitoring?
Who has especially good advice for a beginner?
Share with me, please.
I was wondering if it’s reasonable and forensically correct to use Clonezilla for the image of an attacked machine.
Since some of the commercial products are very expensive I’m turning to open source solutions.
Provided that:
is an offlin… Continue reading Clonezilla for forensic disk image
I’m seeing over 1000 attempts to hit my API endpoints with many 500 responses. It seems clear that the would-be attacker is attempting to poke around the APIs, but it isn’t clear to me what type of attack they’re attempting. Hoping someone… Continue reading Based on these HTTPS requests what type of attack is this?
For the second time my website seems to be the target of a large automated attack. It seems complex enough and very well executed. I have the following systems in place:
Captcha on 3rd failed login from IP
Account lock for 30 min after 5 … Continue reading Prevent a bot accessing login page with multiple IPs and massive list of username/ passwords
I run a combination of Linux & Windows machines with Dropbox.
Many "selective sync conflicts" occurred, for unknown reasons. Meaning two copies of the same folder appear on dropbox – each copy should be identical.
I will pic… Continue reading Could presence of the string "_CONSOLE" in multiple files indicate a hack?
I’m reasonably technically competent, but I don’t know how to interpret this PC issue. As it’s a real-world incident, there’s some back-story.
I’m in the UK. The suspect PC runs Win8.1 up to date, used for simple desktop stuff by a family… Continue reading Has this PC been hacked? What’s going on?
In the last few days, one of our endpoints has been making calls to testgvbgjbhjb.com.
The calls came from Google Chrome, going outside.
I used TCPView to find suspicious connections and to check if there is any unknown extension.
The owner of the domain made it a 1… Continue reading Suspicious calls to testgvbgjbhjb.com
Title: ALA4747 – AV Policy violation, Tor anonymity network usage on 172.30.0.11 (172.30.0.11:64689 -> 8.8.8.8:53)
Extra info:
Source IPs: 172.30.0.11
Source Ports: 64689
Dest. IPs: 8.8.8.8
Dest. Ports: 53
Ticket details
Descripti… Continue reading AlienVault Alert – What is this event saying? [closed]
I was looking for conditions/circumstances under which Dllhost.exe can spawn a child process. I examined a huge quantity of event logs from various Windows systems and didn’t come across any event in which Dllhost.exe spawns a child process… Continue reading Under which conditions can dllhost.exe spawn child process? | MITRE ATT&CK T1191
Are there any tools that one can reliably use for decompiling malicious executables in order to understand the inner workings of the same? Or any other reliable tool/way to quickly derive the code?
Continue reading Tools for reverse engineering malicious executables?