Collaborate Disseminate
I am analyzing some network logs captured in a school from all sorts of hosts e.g Chromebooks, BYOD Android phones and is hard to track exactly the type since wifi is open.
I see some strange traffic.
dstip=192.0.0.1
app=S… Continue reading BOGON network traffic alerts
I loaded a client-side .svclog file inside Microsoft Service Trace Viewer and there are a lot of entries in the log saying setting up secure session and close secure session, each taking more time than usual. For example, set… Continue reading What should be done to determine why it takes so long to set up a secure session using TLS?
I am using Ubuntu linux. I want to track my data which is going to the internet or coming from internet.
As per my knowledge, few softwares are uploading logs on their sites which contains basic information of system.
Let’s say that we have arbitrary apache log, something like:
157.55.39.243 – [13/Sep/2018:06:29:29 -0300] “GET /pbh/ecp/comunidade.do?app=financas&pg=5565&tax=37049 HTTP/1.1” 302 275 “-” “Mozilla/5.0 (compatible; bin… Continue reading Is there a way to scan apache log for malicious traffic? [closed]
Basically what the title says. I recently had a look at my /var/log/install.log and the earliest entries are from about 2 full months prior to me unboxing the computer.
The packaging had cellophane, no indication it was seco… Continue reading MacBookPro’s OSX install.log has entries that predate the initial unboxing
I was grepping through /var/log/auth.log and noticed that for some reason, not every time, but sometimes when I would log in via SSH I would see entries like the following – where there were multiple sessions opened (at the e… Continue reading Multiple sshd sessions for single SSH login
I am removing malware from my grandpa’s Windows computer using the system internals suite. I suspect he has a Trojan which has been making remote connections and downloading a TON of viruses every day.
There are a lot of pr… Continue reading I need help finding a list or a reference of DLL’s for discovering hijacked programs
I want to read security audit logs from a network service. By default, Network Service does not have permission to read but it can if the account is added to “Event Log Readers”. One of the examples is mentioned here.
I am making a conceptual work-flow of a SOC so if we suppose that a SIEM solution is integrated inside an organization’s in-house SOC. Also, if the team of the SOC is the one managing the SIEM solution.
My question is when w… Continue reading SOC and generic log parsing
I found these entries in my access log, and I found them rather weird. As I don’t know what HEAD’s purpose is here or what their intent was with this. I have the first couple as an example, but it’s happened from multiple IPs… Continue reading What is going on with these requests? HEAD with encoded backslash, and my site embedded in the url