Real Time SOC Analyst Simulation | TryHackMe SOC Simulator | Phishing Unfolding

3,492 views

Motasem Hamdan | Cyber Security & Tech

1 day ago

Comments: 39
@boh70326 27 days ago
Wow, amazing as usual Mot... you're the first guy on KZbin that got it done ✔️ super 👌 thanks a lot man
@MotasemHamdan 26 days ago
Glad you liked it!
@Jennifer-o2b8i 27 days ago
I was looking forward to this, thank you!
@MotasemHamdan 27 days ago
Glad it was helpful.
@easy94883 25 days ago
PLEASE PLEASE PLEASE make an hour long video going through different types of alerts and how to investigate them and report. This was so helpful for learning!! I subscribed ❤
@MotasemHamdan 25 days ago
Thank you! Noted.
@mazenal-emad8680 24 days ago
@easy94883 +1
@Michael_ATL_82 1 day ago
Wow, you just made all this stuff I learned in class click. Thank you.
@MotasemHamdan 21 hours ago
Glad it was helpful!
@florecista1 21 days ago
Excellent video 👏
@MotasemHamdan 21 days ago
Thanks for the visit
@Sena-kj8wg 24 days ago
Please do more of it, thank you, I appreciate that. A Brazilian hug for you my friend!!
@MotasemHamdan 24 days ago
Thanks for the feedback, I'll definitely look into creating more of these.
@reals4483 22 days ago
I tried to do it. But my simulator keeps loading but it's not opening.
@sanphotos 24 days ago
I am on my 3rd month as a SOC analyst and I am learning from this. Thanks.
@MotasemHamdan 24 days ago
Glad to hear it's helpful!
@sanphotos 24 days ago
@MotasemHamdan I'm curious why you didn't escalate the case?
@MotasemHamdan 24 days ago
@sanphotos Because the root cause of the incident was determined and as such, the next action is to eradicate the infection and recover the system.
@sergiojhdz 16 days ago
Did you have to do anything in Splunk to be able to view the data? When Splunk opens up for me, there is no data for me to search. I try different queries and it displays nothing.
@MotasemHamdan 15 days ago
Try "index=*" and make sure the time is set to "all time".
@raul_d2747 25 days ago
Just ran into your channel. Great content. You explained the steps very well. Can you do more of these?
@MotasemHamdan 25 days ago
Thank you!
@jamilshekinski 16 days ago
Thank you habibi!!
@MotasemHamdan 15 days ago
You're welcome 😊
@islamicwarrior9449 27 days ago
Beautiful, you’ve pretty much analysed the attacker's entire TTP in like 10 minutes. My only question is that the case report that you write for that one alert, would you write the same case report for every high alert that had followed that alert?
@MotasemHamdan 27 days ago
If the artifacts are the same, the case report will be the same 😀
@kingdwight1 25 days ago
Why wouldn't the alert require escalation? I would think it definitely needs to be escalated as data has been exfiltrated.
@MotasemHamdan 24 days ago
Because the root cause has been determined and the next phase should be to eradicate the infection.
@kingdwight1 24 days ago
Wouldn't eradication require an escalation?
@johnvardy9559 24 days ago
Motasem great work, could we do this lab with Elasticsearch?
@MotasemHamdan 23 days ago
Unfortunately it's only available on Splunk.
@hiasfa 15 days ago
Why won't it require escalation? As I believe the attacker now has access to financial records, won't that be a matter of concern to be escalated?
@MotasemHamdan 15 days ago
The event is escalated when the analysts who investigated the event couldn't resolve it, so they escalate it to teams on upper tiers. This happens most often when there is a malware sample to analyze or reverse engineer.
@hiasfa 15 days ago
@MotasemHamdan In an actual company, won't this be escalated to maybe a senior, as critical data has been exposed, so shouldn't it be escalated for damage control?
@MotasemHamdan 15 days ago
Maybe breach notification as part of legal compliance.
@hiasfa 13 days ago
@MotasemHamdan Thanks for clarifying