Hack The Box SOC Analyst Lab - Unit42 (Sysmon)

4,328 views

MyDFIR

A day ago

Comments
@dlcrdz00 10 days ago
Great video walkthrough... Haven't had much experience with Splunk but this video definitely got me excited the more we dug into the Event Logs
@MyDFIR 9 days ago
Glad it sparked some interest, Splunk is a powerful tool!
@RubenMuñozAragon-e9n 5 months ago
Great. Please, I LOVE Splunk content. Thanks.
@MyDFIR 5 months ago
More to come!
@SayoOlanbiwonnu 5 months ago
Amazing delivery as usual ❤
@MyDFIR 5 months ago
Thank you ❤️
@anitagd 5 months ago
Great video as usual 🔥
@MyDFIR 5 months ago
Appreciate it!
@MustafaAhmedQasemYahya 3 months ago
You are amazing. Very nice. Thanks
@MyDFIR 3 months ago
Wow, thank you!
@aplik3 5 months ago
I was just planning to do this room today :D Great video!
@MyDFIR 5 months ago
Have fun!
@mapletech_22 5 months ago
Amazing work 👏 🙌 👌 ❤
@MyDFIR 5 months ago
Thank you 🙌
@irocz5150 5 months ago
Excellent video. Sad to say, but Sysmon generates lots of logs and sometimes there is push back on installing this amazing tool.
@MyDFIR 5 months ago
You're absolutely correct, but there are some companies out there that have it!
@thebodythehead 5 months ago
Amazing video
@MyDFIR 5 months ago
Thanks!
@frankurhioke1964 A month ago
Do you have a discount on your course presently or a payment plan in place?
@MyDFIR A month ago
Not yet, but definitely something I plan on doing soon
@erglaligzda2265 5 months ago
Any bright idea how to monitor endpoint DNS queries? Right now I am using Sysmon, but it does not always capture the endpoint's IP and/or user. :(
@MyDFIR 5 months ago
Strange, Sysmon Event ID 22 should capture the source IP of the endpoint, and you can correlate that with other event IDs if required
@erglaligzda2265 5 months ago
@MyDFIR I thought so too, but in an on-premise environment it may not happen. Thanks for pointing out the Event ID. I'll take a second look into the config file. :)
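The correlation MyDFIR suggests above, as an added example that is not from the video or its author: a small Python script that joins Sysmon DnsQuery events (Event ID 22) to the ProcessCreate event (Event ID 1) sharing the same ProcessGuid, so each DNS lookup is attributed to the user and command line that issued it, and lookups with no matching process record (the gap the commenter hit) are flagged instead of silently dropped. The Sysmon records are constructed samples in the XML layout Windows exports; the host name, user, GUIDs and domains are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records (not from the video): one ProcessCreate (Event ID 1) and two
# DnsQuery (Event ID 22) events as exported from Microsoft-Windows-Sysmon/Operational.
SAMPLE_EVENTS = """<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>1</EventID><Computer>WS01.corp.local</Computer></System>
<EventData><Data Name="ProcessGuid">{A1B2C3D4-0001-0001-0001-000000000001}</Data>
<Data Name="Image">C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</Data>
<Data Name="CommandLine">powershell.exe -File C:\\Users\\jdoe\\update.ps1</Data>
<Data Name="User">CORP\\jdoe</Data></EventData></Event>
<Event><System><EventID>22</EventID><Computer>WS01.corp.local</Computer></System>
<EventData><Data Name="ProcessGuid">{A1B2C3D4-0001-0001-0001-000000000001}</Data>
<Data Name="QueryName">updates.example.com</Data>
<Data Name="QueryResults">::ffff:203.0.113.10;</Data></EventData></Event>
<Event><System><EventID>22</EventID><Computer>WS01.corp.local</Computer></System>
<EventData><Data Name="ProcessGuid">{A1B2C3D4-0002-0002-0002-000000000002}</Data>
<Data Name="QueryName">time.windows.com</Data>
<Data Name="QueryResults">::ffff:198.51.100.5;</Data></EventData></Event>
</Events>"""

NO_MATCH = "<no matching ProcessCreate>"  # flagged rather than dropped


def parse_events(xml_text):
    """Flatten each <Event> into a dict of EventID, Computer and its EventData fields."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        rec = {"EventID": ev.findtext("e:System/e:EventID", namespaces=NS),
               "Computer": ev.findtext("e:System/e:Computer", namespaces=NS)}
        for d in ev.findall("e:EventData/e:Data", NS):
            rec[d.get("Name")] = d.text or ""
        events.append(rec)
    return events


def enrich_dns_queries(events):
    """Join Event ID 22 to Event ID 1 on ProcessGuid so every DNS lookup carries
    the user and command line that issued it; unmatched lookups are flagged."""
    by_guid = {e["ProcessGuid"]: e for e in events if e["EventID"] == "1"}
    rows = []
    for e in events:
        if e["EventID"] != "22":
            continue
        proc = by_guid.get(e["ProcessGuid"], {})
        rows.append({"host": e["Computer"], "query": e["QueryName"],
                     "answer": e.get("QueryResults", ""),
                     "user": proc.get("User", NO_MATCH),
                     "command": proc.get("CommandLine", NO_MATCH)})
    return rows
```

In Splunk the same join is a `stats` or `join` on ProcessGuid across the two event IDs; the script shows the logic so you can see which lookups come back unattributed.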
@MoSiraji 5 months ago
Thank you, good for training
@MyDFIR 5 months ago
You're welcome! Hope you had some fun and learned new things 👍
@MoSiraji 5 months ago
@MyDFIR Yes, I did.
@Whiterqbbit 5 months ago
Fancy using Splunk, I would have probably used ZT Timeline Explorer. Going to have to check out that Splunk video.
@MyDFIR 5 months ago
Heheh thanks! I love sifting through logs using Splunk as I can better visualize the data, but I'd recommend using any tool that does the job!
@myles5253 5 months ago
Do you use a VM for Hackthebox labs?
@godwinalekeobor5274 5 months ago
You can use their VM, if you subscribe
@MyDFIR 5 months ago
Any labs I do, I always use a VM. That way I can revert it pretty easily if I need to.
@Abc-sl1nf 5 months ago
Thx!
@ItsCynik 5 months ago
When's the next project? 😢
@MyDFIR 5 months ago
Heheh TBD! These take a long time to do. Have you completed all of the ones on my channel?
@mariostevenquijivix5752 5 months ago
I'm using a Mac. Is there another way aside from 7zip to extract the folder?
@MyDFIR 5 months ago
I believe Mac has a built-in extractor where you could double click and it should do the trick.
@imca_b_5517 5 months ago
Brother, please don't upload videos of Hack The Box because it was not free, and we are students so we don't have enough money for that, but if you make videos on other topics I will help
@MyDFIR 5 months ago
But it is free, or at least portions of it. All the labs I've uploaded so far are free, so you can do them and follow along. Unless I am missing something?