Hello, I was wondering if you have a video tutorial on how to make a home lab for these trainings.
@cybersecurityfreeresource278, 12 days ago
Hello @MichaelAngeloValenzuela, nothing really special to setting it up. I mainly used images that already have built-in forensic and malware analysis tools. You just need to invest in any VM software (there are free ones as well) like VMware/VirtualBox (free), etc. Download the image and mount it, that's it. They make life much easier rather than building from a blank VM and installing tools one by one. Here are my top recommendations or all-time favorites so far. Hope this helps. :)
- www.sans.org/tools/sift-workstation/
- remnux.org/#distro
- github.com/mandiant/flare-vm
@MichaelAngeloValenzuela, 13 days ago
Hello, I like your video tutorials. I just want to ask if CyberDefenders is good for practice for a SOC analyst level 1 job, and do they have certifications for the course (not the Certified CyberDefender (CCD) Blue Team & SOC Analyst certification, which costs a lot for me hahaha)?
@cybersecurityfreeresource278, 12 days ago
Yeah, definitely they are really good. Back then most of them were free, and as you can see much of my content is from them. CCD is one of the cheapest blue team certs out there, and I have heard the instructors who made them are really good; they have undergone SANS trainings too. If you have not heard of SANS trainings, I suggest you research them and compare the cost of CCD against SANS training.
@MichaelAngeloValenzuela, 12 days ago
@cybersecurityfreeresource278 Ohh ok, I will check SANS. I got another question: is it okay to use the NAT option in the VM while downloading and activating those laboratory practice files from CyberDefenders in my VM? Or should I use the host-only option?
@mehervardhan2177, a month ago
Can I get any reference materials to get more of an idea on DEBUGGING and reverse engineering?
@cybersecurityfreeresource278, 27 days ago
I have really no one-size-fits-all reference for you, but one thing I can give you is: go to CyberDefenders.org, try to take on the malware analysis challenges there and read walkthroughs about them. Then build yourself a document containing everything you learned; there's an element of retention and retaining the knowledge in your memory through that method. Also try to read one article about malware analysis every day. That will compound over time. Hope that helps.
@santyk9211, a month ago
Knowledgeable video. Please keep doing good work.
@kibet.whitehat, 2 months ago
Much appreciation, my guy!
@ginal2985, 2 months ago
Awesome video. I am struggling: when I run index="botsv1" ip="192.168.250.70" | stats count by url, I get no results in Statistics.
@zer0dac-security, 3 months ago
For broken PATH issues: if you are doing it on your main machine, open your .bashrc file and change the last line to: export PATH=/home/<username>/.local/bin:/usr/lib/lightdm/lightdm:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
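An added example (not code from the video or from the commenter above) that audits a PATH string before you commit it to .bashrc. It flags the two things that go wrong with hand-edited PATH lines: an entry with no leading slash (or an empty entry from a doubled colon) is resolved relative to the current working directory, so a binary dropped in whatever directory you happen to be in can shadow a system command; and a missing ~/.local/bin is the usual reason pip --user installs such as Volatility's vol command are "not found". The PATH strings and the /home/analyst home directory are constructed for the demonstration.

```python
"""Audit a PATH string for entries that break or weaken command lookup."""
import os


def audit_path(path_value, home="/home/analyst"):
    """Return a list of (entry, problem) pairs for a colon-separated PATH string.

    Problems flagged:
      - empty entry ("::" or a leading/trailing ":"), which POSIX shells treat
        as the current directory;
      - relative entry (no leading "/"), resolved against the current directory;
      - the per-user ~/.local/bin directory missing, so pip --user tools are
        not found.
    """
    findings = []
    entries = path_value.split(":")
    for entry in entries:
        if entry == "":
            findings.append((entry, "empty entry resolves to the current directory"))
        elif not entry.startswith("/"):
            findings.append((entry, "relative entry resolves against the current directory"))
    local_bin = os.path.join(home, ".local", "bin")
    if not any(e.rstrip("/") == local_bin for e in entries):
        findings.append((local_bin, "user bin directory not on PATH (pip --user tools will not be found)"))
    return findings


# Constructed inputs: one line with a relative lightdm entry (missing leading
# slash) and the corrected version of the same line.
BROKEN = ("/home/analyst/.local/bin/:usr/lib/lightdm/lightdm:/usr/local/sbin:"
          "/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games")
FIXED = ("/home/analyst/.local/bin:/usr/lib/lightdm/lightdm:/usr/local/sbin:"
         "/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games")

if __name__ == "__main__":
    for label, value in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_path(value) or "ok")
    # Also audit the PATH of the interpreter running this script.
    print("current", audit_path(os.environ.get("PATH", ""), os.path.expanduser("~")) or "ok")
</test>
assert audit_path(BROKEN) == [("usr/lib/lightdm/lightdm", "relative entry resolves against the current directory")]
assert audit_path(FIXED) == []
empty = audit_path("/usr/bin::/bin")
assert empty[0] == ("", "empty entry resolves to the current directory")
assert empty[1][0] == "/home/analyst/.local/bin"
</test>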
@jhovannicastillo3711, 3 months ago
Thanks for sharing.
@cybersecurityfreeresource278, 3 months ago
Thanks for watching! Please like and subscribe :)
@JumperNYC, 4 months ago
Very helpful, thank you so much. I was lost at first because there's no tutorial within the platform.
@cybersecurityfreeresource278, 4 months ago
Glad it helped! Please subscribe and share :)
@user-wb8kw4lr9v, 4 months ago
Hello once again. Please, which terminal can I run these commands on and how do I get it?
@cybersecurityfreeresource278, 4 months ago
Hello @user-wb8kw4lr9v, maybe this writeup version could help you. It will walk you through how to set up the Volatility memory analysis tool. Please have a read and let me know - cybersecurityfreeresource.wordpress.com/2022/05/24/volatility3-memory-analysis-tool-setup-guide/
@user-wb8kw4lr9v, 4 months ago
Hello, I was confused with the terminal you are working with... how do I get it? Thank you.
@cybersecurityfreeresource278, 4 months ago
Hello @user-wb8kw4lr9v, oh, for Volatility you have to set it up and install it on your Linux machine, like Ubuntu or other flavors. Windows has the Windows Subsystem for Linux as well; you can follow my guides below on how to set it up. kzbin.info/www/bejne/aojaiWl7fdqlrLc kzbin.info/www/bejne/rJ-Yg5-fh6unjdE
@user-wb8kw4lr9v, 4 months ago
Thanks @cybersecurityfreeresource278
@Sam_Fishe4, 5 months ago
Great content, can you upload more threat hunting labs?
@cybersecurityfreeresource278, 5 months ago
Oh sure thing, is it also from the CyberDefenders website? If you can share some threat hunting labs it will be appreciated :)
@detdouche2382, 6 months ago
Thank you so much for your help; it was incredibly valuable to me. Please keep up the excellent work! If possible, could you create more videos? I think it would be very helpful to have a video explaining the function of each command you used, or commonly used in general. I'm not sure if you've made a video like that before; if you have, could you please share the link? Thank you!
@cybersecurityfreeresource278, 5 months ago
@detdouche2382 Oh yeah, thank you for that feedback. You are right, I think I assumed viewers are familiar with Volatility commands. Will try to be more verbose in my explanations in my succeeding videos. Cheers! :)
@zhalgaskamzabekov2151, 6 months ago
What is PECmd.exe in the 9th question?
@cybersecurityfreeresource278, 6 months ago
Hi @zhalgaskamzabekov2151, good question. PECmd.exe is a Windows prefetch parser developed by Eric Zimmerman. You cannot view the contents of a prefetch file as it is encrypted, hence we need some tool that will parse it for us. Hope this helps.
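An added example, not PECmd and not code from the video, showing what a prefetch parser reads from the fixed header of a .pf file: the format version, the executable name and the prefetch hash that forms the hex suffix of the file name. It also handles the case that makes a raw read look unreadable: on Windows 10 and later the file body is LZXPRESS-Huffman compressed and starts with "MAM" instead of the "SCCA" signature, so the parser reports that instead of mis-parsing. The header bytes below are constructed with the helper in the block, not taken from a real prefetch file.

```python
"""Parse the fixed header of a Windows Prefetch (.pf) file."""
import struct

# Format version in the first dword, mapped to the Windows generation it belongs to.
SCCA_VERSIONS = {17: "Windows XP/2003", 23: "Windows Vista/7", 26: "Windows 8.x", 30: "Windows 10/11"}


def is_compressed(data):
    """Windows 10+ prefetch files carry a 'MAM' compression header instead of SCCA."""
    return data[:3] == b"MAM"


def parse_prefetch_header(data):
    """Return version, executable name and hash from an uncompressed .pf header.

    Raises ValueError for compressed (MAM) files and for anything without the
    SCCA signature, so the caller knows to decompress first rather than treat
    the file as corrupt.
    """
    if len(data) < 84:
        raise ValueError("too short to be a prefetch header")
    if is_compressed(data):
        raise ValueError("compressed prefetch (MAM header); decompress it or use PECmd")
    version, signature, _unknown, file_size = struct.unpack_from("<I4sII", data, 0)
    if signature != b"SCCA":
        raise ValueError("missing SCCA signature; not a prefetch file")
    # Executable name: 60 bytes of UTF-16LE at offset 16, NUL padded.
    exe_name = data[16:76].decode("utf-16-le").split("\x00", 1)[0]
    # Prefetch hash at offset 76; it is the hex suffix of the .pf file name.
    (pf_hash,) = struct.unpack_from("<I", data, 76)
    return {
        "version": version,
        "os": SCCA_VERSIONS.get(version, "unknown"),
        "file_size": file_size,
        "executable": exe_name,
        "hash": "{:08X}".format(pf_hash),
        "expected_filename": "{}-{:08X}.pf".format(exe_name, pf_hash),
    }


def build_sample_header(version, exe_name, pf_hash, file_size=4096):
    """Construct a minimal 84-byte uncompressed header for the demo (not a real capture)."""
    name = exe_name.encode("utf-16-le").ljust(60, b"\x00")
    return struct.pack("<I4sII", version, b"SCCA", 0x11, file_size) + name + struct.pack("<II", pf_hash, 0)


# Constructed sample: a Windows 10 style header for PECMD.EXE with an arbitrary hash.
SAMPLE = build_sample_header(30, "PECMD.EXE", 0x1D7D3F5A)

if __name__ == "__main__":
    print(parse_prefetch_header(SAMPLE))
    try:
        parse_prefetch_header(b"MAM\x04" + b"\x00" * 100)
    except ValueError as err:
        print("compressed:", err)
```

To run it against a real file, read the .pf with open(path, "rb") and pass the bytes in; for a Windows 10 file you will hit the MAM branch, which is exactly why a dedicated parser such as PECmd is needed.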
@XieShelby, 6 months ago
Quick question: can it be cleared?
@cybersecurityfreeresource278, 6 months ago
Not that I know of. As per its normal behavior it is written in memory at first and then written to the registry upon shutdown/reboot. It also has limited entries, around 1024 for Win10 last I checked, and it rolls over, meaning the oldest entries are replaced by new ones. Hope this helps.
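An added example, not code from the video, that parses Windows 10 ShimCache (AppCompatCache) entries from the registry value blob the reply above describes. Each entry starts with the "10ts" tag and carries the executable path, the file's last-modified FILETIME and a small data field; the position of an entry in the blob is what analysts use as relative ordering, and when the cache is full the entries at the end are the ones that drop off. The blob is constructed with the helper in the block, not exported from a real SYSTEM hive; the paths and timestamps are invented.

```python
"""Parse Windows 10 AppCompatCache (ShimCache) entries from a registry value blob."""
import struct
from datetime import datetime, timedelta, timezone

ENTRY_MAGIC = b"10ts"
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01) to a UTC datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def parse_win10_shimcache(blob):
    """Yield (position, path, last_modified, data) for each '10ts' entry in the blob."""
    (first_entry,) = struct.unpack_from("<I", blob, 0)  # header size: 0x30 or 0x34
    pos, index = first_entry, 0
    while pos + 12 <= len(blob):
        magic, _unknown, entry_len = struct.unpack_from("<4sII", blob, pos)
        if magic != ENTRY_MAGIC:
            break
        body = blob[pos + 12: pos + 12 + entry_len]
        (path_len,) = struct.unpack_from("<H", body, 0)
        path = body[2:2 + path_len].decode("utf-16-le")
        last_mod, data_len = struct.unpack_from("<QI", body, 2 + path_len)
        data = body[14 + path_len: 14 + path_len + data_len]
        yield index, path, filetime_to_datetime(last_mod), data
        pos += 12 + entry_len
        index += 1


def build_entry(path, last_mod_ft, data=b""):
    """Construct one Win10 cache entry (demo helper; mirrors the layout parsed above)."""
    upath = path.encode("utf-16-le")
    body = struct.pack("<H", len(upath)) + upath + struct.pack("<QI", last_mod_ft, len(data)) + data
    return ENTRY_MAGIC + struct.pack("<II", 0, len(body)) + body


ONE_HOUR = 3600 * 10_000_000  # FILETIME ticks
BASE_FT = int((datetime(2021, 5, 1, 12, tzinfo=timezone.utc) - EPOCH_1601).total_seconds()) * 10_000_000

# Constructed blob: a 0x34-byte Creators Update style header followed by three entries.
SAMPLE_BLOB = (
    struct.pack("<I", 0x34) + b"\x00" * 0x30
    + build_entry(r"C:\Windows\System32\cmd.exe", BASE_FT + 2 * ONE_HOUR)
    + build_entry(r"C:\Users\dfir\Downloads\PECmd.exe", BASE_FT + ONE_HOUR)
    + build_entry(r"C:\Windows\System32\notepad.exe", BASE_FT)
)


def sample_paths():
    """Paths in cache order, for a quick check of the parser."""
    return [path for _, path, _, _ in parse_win10_shimcache(SAMPLE_BLOB)]


if __name__ == "__main__":
    for index, path, last_mod, _ in parse_win10_shimcache(SAMPLE_BLOB):
        print(index, last_mod.isoformat(), path)
```

On a live system the value lives under the Session Manager AppCompatCache key in the SYSTEM hive and is only refreshed at shutdown, which is why a memory image or a forced reboot may show entries the on-disk hive does not yet contain.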
@indiandhamaka1726, 7 months ago
Your videos are helpful, but I am expecting to learn why we need to search in a specific way, or something which helps to develop the logic.
@cybersecurityfreeresource278, 7 months ago
Sure thing, what about the video do you need more explanation on? Please let me know.
@albertmoises6800, 7 months ago
😒 "Promo sm"
@cybersecurityfreeresource278, 7 months ago
What do you mean by sm? Sorry, did not get it :D
@docmalitt, 8 months ago
Do you remember when you had to hack your way in to get the "invite/password" for HTB?
@cybersecurityfreeresource278, 8 months ago
Haha yeah, fun days :D
@madeonukraine5074, 8 months ago
Where are the instructions?
@cybersecurityfreeresource278, 8 months ago
Can you clarify please what instructions you are looking for specifically?
@esml4, 9 months ago
Thanks for the video.
@cybersecurityfreeresource278, 9 months ago
You are welcome. :)
@francesco2092, 10 months ago
Why would I see more files but get access denied? I am administrator...
@cybersecurityfreeresource278, 9 months ago
It is good to double-check your account membership, as C:\Windows\Prefetch is only accessible by users with admin rights.
@rogergm62, 10 months ago
Thanks!!! Excellent video!!!
@daniel_uba, 10 months ago
Thanks so much for this. I just started it. It's really helpful.
@cybersecurityfreeresource278, 9 months ago
Glad it was helpful!
@BFF-zb1qn, 10 months ago
This is the most sensible Boss of the SOC v2 walkthrough... thanks, boss!!!!
@cybersecurityfreeresource278, 10 months ago
Thanks for the kind feedback :)
@giancf1000, 10 months ago
First, thanks for sharing this.
@cybersecurityfreeresource278, 10 months ago
Welcome, please like and subscribe, thanks 😊
@GAME_VENTURE130, 11 months ago
For the JavaScript code, is it ok if I run it in an online compiler?
@cybersecurityfreeresource278, 11 months ago
Yeah, you can. You can also throw it at any online sandbox like Any.Run; it also works.
@aniruddhajadhav2474, a year ago
Nice, keep it up.
@cybersecurityfreeresource278, a year ago
Thank you, I will.
@0fzex003, a year ago
Pinoy?
@cybersecurityfreeresource278, a year ago
Yeah, just between you and me :D
@royalan1471, a year ago
Too much background noise and your voice is quiet. Very helpful and informative though.
@cybersecurityfreeresource278, a year ago
Sorry about that, will try to use a noise-cancelling headset on my future recordings. Thanks for the kind feedback :D Cheers!
@KyleStux, a year ago
Did you manage to get question 45?
@cybersecurityfreeresource278, a year ago
I have not got it, sadly, when trying this challenge. Please share if you manage to solve it, Kyle :)
@realguapo_mma, a year ago
Hey man, I get down to C:\Users> then I type cd dfir and it says the system cannot find the path specified. Please help.
@cybersecurityfreeresource278, a year ago
Hey buddy, oh, dfir is the username on my machine. Basically you just need to change that to the correct directory where you downloaded the file. If it is in your Downloads folder, the path will be something like C:\Users\youruser\Downloads. So let's say your username is Matthew, for example. The path will be C:\Users\Matthew\Downloads, so in the command prompt you could type cd C:\Users\Matthew\Downloads. Hope this makes sense and helps. :)
@realguapo_mma, a year ago
@cybersecurityfreeresource278 Wow, ha, nice, thanks!
@matuchad1637, a year ago
Can I answer question 16 without using Joe Sandbox Cloud?
@cybersecurityfreeresource278, a year ago
Hi @Matucha, yes, definitely. If you have a malware analysis machine with reversing tools like Procmon or Regshot or others, you could detonate the malware and watch the files written to the temp folder using those tools. Hope this helps :)
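An added example, not code from the video, of the before/after comparison the reply suggests as the manual alternative to a sandbox report: snapshot a directory (size and SHA-256 of every file), run the sample, snapshot again, and report what was added, modified or deleted. That is the file-system half of what Regshot does. The "detonation" here is a stand-in function that drops a file and appends to another, so the script is safe to run anywhere; the file names and contents are constructed. Against a real sample, point it at the temp directory on an isolated analysis VM and pass a function that launches the sample.

```python
"""Snapshot a directory before and after running something and report what changed."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map relative path -> (size, sha256) for every file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(full, root)] = (os.path.getsize(full), digest)
    return result


def diff_snapshots(before, after):
    """Return a dict with sorted 'added', 'modified' and 'deleted' relative paths."""
    return {
        "added": sorted(p for p in after if p not in before),
        "modified": sorted(p for p in after if p in before and after[p] != before[p]),
        "deleted": sorted(p for p in before if p not in after),
    }


def run_and_diff(directory, action):
    """Snapshot, run action(directory), snapshot again and return the diff."""
    before = snapshot(directory)
    action(directory)
    after = snapshot(directory)
    return diff_snapshots(before, after)


def fake_detonation(temp_dir):
    """Stand-in for the sample: drops a second-stage file and edits an existing one."""
    with open(os.path.join(temp_dir, "stage2.dll"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62)  # constructed bytes, not a real binary
    with open(os.path.join(temp_dir, "config.ini"), "a") as fh:
        fh.write("[loader]\nrun=1\n")


def demo():
    """Create a throwaway directory with one pre-existing file and diff around the stand-in."""
    with tempfile.TemporaryDirectory() as temp_dir:
        with open(os.path.join(temp_dir, "config.ini"), "w") as fh:
            fh.write("[app]\n")
        return run_and_diff(temp_dir, fake_detonation)


if __name__ == "__main__":
    print(demo())
```

Hashing rather than comparing modification times catches a file that was rewritten with the same timestamp; a snapshot diff still misses files the sample creates and deletes between the two snapshots, which is where a live tracer such as Procmon is needed.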
@clearsky8980, a year ago
So boring! Get on with the useful stuff.
@cybersecurityfreeresource278, a year ago
Thanks buddy! Your comment means a lot, will improve more :)
@yanivrozenberg4583, a year ago
I liked your channel, it is really helpful, keep it up!
@cybersecurityfreeresource278, a year ago
Thanks for the kind words, glad you liked it :)
@pifiah857, a year ago
How do I clear the ShimCache records?
@cybersecurityfreeresource278, a year ago
Here is a good article for that, hope this helps: blueteamops.medium.com/shimcache-flush-89daff28d15e Hope I can make a video for this soon, but quite busy with CTFs these days :D
@xDx4444, a year ago
Good job. You should submit this walkthrough on the CyberDefenders challenge page.
@cybersecurityfreeresource278, a year ago
Thanks Warde, yup, thanks for reminding me; it is already submitted to CyberDefenders. Cheers :D
@ucgia9270, a year ago
This video is very helpful. Thank you so much. Hope you will continue making great videos.
@cybersecurityfreeresource278, a year ago
Thanks, happy to help. :D Please like and subscribe!
@xDx4444, a year ago
Thanks for the walkthrough, mate :) Keep them coming ^^
@cybersecurityfreeresource278, a year ago
Sure mate, glad you liked it and hope it was helpful in some way. Will sure do, please subscribe and share :)
@ali945sdashhs, a year ago
Hello, I'm facing a problem when I run MRC and choose a name and path for the file; I get the following error: Run-time error '6': Overflow. Also the info it shows is 0 MB: 0 MB of system memory to be captured.
@cybersecurityfreeresource278, a year ago
Try running it as an administrator user and pointing to a path that is not used by the operating system (such as C:\Windows); try using another path like your D drive or E drive. Of course it has to have enough free space as well, more than the size of the physical RAM of the machine being captured. Let me know if this helps or not. Thanks. :)
@abidhossainmanu7827, a year ago
Please share all your commands in your blog or here.
@cybersecurityfreeresource278, a year ago
Hello Abid, sure, I have a parallel blog writeup for all my videos, which you can find here. Please like and subscribe, cheers :D cybersecurityfreeresource.wordpress.com/2022/05/24/volatility3-memory-analysis-tool-setup-guide/
@abidhossainmanu7827, a year ago
@cybersecurityfreeresource278 I have followed your KZbin channel for a long time and watched your videos.
@cybersecurityfreeresource278, a year ago
@abidhossainmanu7827 Appreciate it, that means a lot to me, thanks Abid :D
@Voskos, a year ago
2 months after, I have to revisit and thank you for this video; it helped me greatly in getting prepared for an interview and landed me a job, so thanks homie <3
@cybersecurityfreeresource278, a year ago
Oh that's good to hear, brother. Congratulations on your new job, and I'm glad to be of some help to you in any way. Wish you all the best in your new job, God bless! :)
@ryansandigan7184, 2 years ago
I'm new to the ELK stack... Thanks for this tutorial. Are you Filipino by chance?
@cybersecurityfreeresource278, 2 years ago
Thanks, glad it helped. Prefer to stay anonymous and just contribute back to the community :)
@zk321, a year ago
@cybersecurityfreeresource278 I like that.. good video and message.
@johnd4691, 2 years ago
Very interesting, my friend. I just discovered your channel and it's AMAZING!!!! Thanks for sharing this content.
@cybersecurityfreeresource278, 2 years ago
Glad you liked it, please share and subscribe :)
@BaoNgoc-jp1pn, 2 years ago
Can you share the docx file investigation details?
@cybersecurityfreeresource278, 2 years ago
Hi Bao Ngoc, here is the best sandbox result I can share with you for the weaponized doc file. Of course you could analyze it manually in your own malware lab, but as a SOC specialist time is of the essence in incident response, and manual reverse engineering should be our last resort if all available sandboxes are not giving us any credible results, so I would advise you to maximize the online tools out there. :) app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/
@papaa4918, a year ago
@cybersecurityfreeresource278 Hey, is there any chance to make the Follina refud, or can we put something else like a ps1 or shellcode or command prompt script or anything else?
@cybersecurityfreeresource278, a year ago
Hi @Pa Paa, can you elaborate further on your question? What do you mean by refud?
@papaa4918, a year ago
@cybersecurityfreeresource278 I mean, can we lower the detection rate, or can we put something else instead of HTML, like a command script or any other script, to run the payload?
@cybersecurityfreeresource278, a year ago
Hi @PaPaa, it doesn't work that way; it's not something that can be simulated by just a script. First and foremost, for exploits to run, the machine where it is being run must have that vulnerability present. So for the case of the Follina 0-day you have to know if your test machine is vulnerable to CVE-2022-30190. To ensure the exploit will run successfully, uninstall security patches related to that CVE. Disable Windows Defender or any endpoint protection on your test machine. Hope this helps.
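An added example, not code from the video, that takes the blue-team side of the exchange above: whatever the payload, the observable of CVE-2022-30190 (Follina) that does not depend on it is an Office process starting msdt.exe with an ms-msdt: URI on the command line, and that is what this rule checks over process-creation events. The records below are constructed in the shape of Sysmon Event ID 1 fields (ParentImage, Image, CommandLine), not taken from a real incident, and the suspicious command line carries only the URI and diagnostic-package arguments, no payload.

```python
"""Flag Follina-style (CVE-2022-30190) process trees in process-creation events."""
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT_URI = re.compile(r"ms-msdt:", re.IGNORECASE)


def basename(image_path):
    """Last path component of a Windows image path, lower-cased for comparison."""
    return image_path.rsplit("\\", 1)[-1].lower()


def is_follina_like(event):
    """True when an Office parent launches msdt.exe with an ms-msdt: URI argument."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    return parent in OFFICE_PARENTS and image == "msdt.exe" and bool(MSDT_URI.search(event.get("CommandLine", "")))


def scan(events):
    """Return the matching events reduced to the fields an analyst needs first."""
    return [
        {k: ev[k] for k in ("UtcTime", "ParentImage", "Image", "CommandLine")}
        for ev in events
        if is_follina_like(ev)
    ]


# Constructed sample events.
SAMPLE_EVENTS = [
    {   # benign: troubleshooter launched from Settings, no Office parent
        "UtcTime": "2022-06-01 09:00:01",
        "ParentImage": r"C:\Windows\System32\SystemSettings.exe",
        "Image": r"C:\Windows\System32\msdt.exe",
        "CommandLine": r"msdt.exe /id PCWDiagnostic",
    },
    {   # suspicious: Word spawning msdt.exe with an ms-msdt: URI
        "UtcTime": "2022-06-01 09:14:37",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\msdt.exe",
        "CommandLine": r'"C:\WINDOWS\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu"',
    },
    {   # benign: Word starting the 32-bit print driver host
        "UtcTime": "2022-06-01 09:20:00",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\splwow64.exe",
        "CommandLine": "splwow64.exe 12288",
    },
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["UtcTime"], basename(hit["ParentImage"]), "->", hit["CommandLine"])
```

The parent/child check is the part that survives payload obfuscation; matching only on strings inside the payload is what the "lower the detection rate" question above is really about, and a rule built on the process relationship does not care what the payload looks like.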
@vypostories, 2 years ago
Thanks for this video! From the Philippines ✌
@Voskos, 2 years ago
23:49 I just don't get how that exact salt is the answer and nothing else. They all update a user makman based on the form_data sent with the request; in my knowledge it could also be any of the other, like 8, salts, as they all send and update the exact same user, none of which correlates with Frank. Nothing on you, just super weird on that challenge. If you know anything I don't know and could help me solve this, I would love that, thanks.
@cybersecurityfreeresource278, 2 years ago
Hello Mike, yeah, sorry for the late reply, was busy with work these past days. I think what I can share with you is: you are correct, the related user is makman, but take into consideration that this is an SQLi attack, so from the attacker's perspective, the attacker is iterating or enumerating user salt hashes without real knowledge of the actual DB users, which can be used for brute forcing or decrypting further later on to compromise credentials. Hope that helps.
@Voskos, 2 years ago
@cybersecurityfreeresource278 My man, I realised what is going on eventually; it became way more obvious when you were looking for the password of butn, as you used a different query that went through all the requests and it became way clearer. At the moment of the comment timestamp it was just salts. Have a nice one.
@cybersecurityfreeresource278, 2 years ago
@Voskos Good to know about your breakthrough, have fun as well :)
@abidhossainmanu7827, 2 years ago
Lots of thanks for sharing these videos.
@cybersecurityfreeresource278, 2 years ago
Please subscribe and share :)
@servermadum7297, 2 years ago
Thanks for the video. I like the operating system very much; is it a ready VM?
@cybersecurityfreeresource278, 2 years ago
Hi Server MADUM, glad you liked the video, please subscribe and share. Regarding your question, nope, it is a highly customized VM. I would highly recommend Eric Zimmerman's tools and the SANS free tools. They are very worth having in your forensic arsenal.
@servermadum7297, 2 years ago
@cybersecurityfreeresource278 Yeah yeah, I forgot to subscribe :) thank you
@Ikerone1, 2 years ago
Very excellent! You have my following! Thank you so much!
@escanorsama7922, 2 years ago
Hi, thanks for the video, but I am struggling with the 14th question {One of Po1s0n1vy's staged domains has some disjointed "unique" whois information. Concatenate the two codes together and submit them as a single answer.}; I couldn't find the answer. I used Whoxy like you and nothing happened. Thanks for any help.
@cybersecurityfreeresource278, 2 years ago
Hi Escanor, you may follow my written guide in my blog for step-by-step pictures as well; here is the link: cybersecurityfreeresource.wordpress.com/2021/12/31/cyberdefenders-org-boss-of-the-soc-v1-walkthrough/ You have to use Whoxy's historical lookup via this link: www.whoxy.com/whois-history/demo.ph. Please subscribe, like and share. Feel free to let me know if you have further questions :)
@escanorsama7922, 2 years ago
@cybersecurityfreeresource278 Thanks, it worked, I just needed to copy and paste the Whoxy link. Great video, thanks.