Collaborate Disseminate
I’ve got a PCAP file that has 3,445 HTTP "206 Partial Content" packets for the application/pdf media type. Each of these requests is for the same file, different Content-Ranges are being requested each time as a covert means of d… Continue reading Why is the output of tshark `http.file_data` different from the Content Length? [migrated]
I have taken a DFIR course, but I have not worked with an SME. Looking at this SuperTimeline output, I saw something like what is pictured. SVCHOST executing from prefetch and the file then being deleted. The other instance is modificatio… Continue reading Log analysis of suspicious activity [closed]
I have been wondering if someone is accessing my system and after doing using some basic assessment tools like netstat and event viewer, found some unusual open ports(12345) and special Logon! below is the screenshots I would really apprec… Continue reading Is someone accessing my win10 computer?
I see thousands of entries in my web logs over two days from a specific IP.
The firewall reacted with client-rst, server-rst, deny and close actions.
I have only a few entries that went through SSL 443 port and that website has nothing muc… Continue reading suspicious ip traces [closed]
I have been given a take-home assignment for a job application and wanted to ask if anybody could give me some feedback. Here is the assignment and my report :
https://pastebin.com/593XDMa9 (my report)
https://maroon-appolonia-17.tiiny.sit… Continue reading could anyone please give me some feedback on my take home assingment? [closed]
I have observed that in modsecurity version 3.0.8 ,when the rules 981045, 912140 and 217140 are fired, a large number of audit logs are recorded without messages. How can I resolve it?
an example of one of the audit logs is as follows:
{&q… Continue reading a lot of audit logs with no message for the rules 981045, 912140 and 217140 [closed]
As I understand, user behaviour analytics (UBA) makes use of statistical analysis of user behaviour to identify abnormal behaviour that may be indicative of a cyber attack.
Security information and event management (SIEM) technology analys… Continue reading Does SIEM incorporate UBA? [closed]
I was looking through my Apache log files and besides other GET requests with response status codes of 4XX (error), I’ve found this one which has a 200 (success) response status code:
"GET /?rest_route=/wp/v2/users/ HTTP/1.1" 200… Continue reading Understanding suspicious HTTP GET Request
I recently found out that my pc has been infected by some serious spyware and while I did successfully remove them, I’m afraid that that malware affected the antimalware and management solutions I installed on my PC.
In order to find out w… Continue reading How do I track all the different types of event logs exclusive to an antimalware software or pc recovery software? [migrated]
I have been tasked to analyse some logs in Elk stack.
These logs are http requests coming from different applications in our software factory.
I want to set up some sort of SIEM in Kibana but I don´t know exactly what are the right steps.
… Continue reading Setting up an ELK SIEM [closed]