4ensiX

I noticed that for the ones I called FP, I selected FP but the display shows TP.

List of articles for the one year from 2022-01-01

LetsDefend level 1 alert SOC165 - Possible SQL Injection Payload Detected event-id 115

Details playbook Is Traffic Malicious? What Is The Attack Type? Check If It Is a Planned Test What Is the Direction of Traffic? Was the Attack Successful? Add Artifacts Do You Need Tier 2 Escalation? End Details EventID : 115 Event Time : …

LetsDefend Challenge DFIR: Port Scan Activity writeup

LetsDefend Challenge DFIR: Port Scan Activity Question1: What is the IP address scanning the environment? The host that appears to be sending the most packets is the suspicious one. $ tshark -r port\ scan.pcap -z conv,ip -q ============================================…

I earned the Blue Team Level 1 gold coin.

Overview of BTL1 (Blue Team Level 1) Exam preparation Registration My own Blue Team-related skills at the time of registration Content accessible after registration Additional study after registration The exam A final word Overview of BTL1 (Blue Team Level 1) As the name suggests, it is a certification for the Blue Team, and …

LetsDefend level 1 alert SOC105 - Requested T.I. URL address event-id 16

Details playbook Analyze Threat Intel Data URL https[:]//pssd-ltdgroup[.]com/ Domain pssd-ltdgroup[.]com 5.188.0.251 Interaction with TI data Log Endpoint Containment Add Artifacts End Details EventID: 16 Event Time: Sept. 20, 2020, 10:54 …

LetsDefend level 1 alert SOC106 - Found Suspicious File - TI Data event-id 17

Details playbook Check if the malware is quarantined/cleaned Analyze Malware Add Artifacts End Details EventID: 17 Event Time: Sept. 22, 2020, 11:10 a.m. Rule: SOC106 - Found Suspicious File - TI Data Level: Security Analyst Source Address…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 18

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment Sender address cashbank[.]com 172.82.128.241 mail Attachments Check If Mail Delivered to User? Check If Someone Opened the Malicios File/URL? Add Artifacts…

LetsDefend level 1 alert SOC107 - Privilege Escalation Detected event-id 19

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware creditcard -> 27e56f0f4bbb933a9ef25e0e0c2a4aaae578bdc2623e6bcdf664834e4ce60c9d Check If Someone Requested the C2 Add Artifacts End Details…

LetsDefend level 1 alert SOC105 - Requested T.I. URL address event-id 20

Details playbook Analyze Threat Intel Data https[:]//raw.githubusercontent[.]com/django/django/master/setup.py 151.101.112.133 Add Artifacts End Details EventID: 20 Event Time: Oct. 19, 2020, 9:54 p.m. Rule: SOC105 - Requested T.I. URL add…

LetsDefend level 1 alert SOC104 - Malware Detected event-id 21

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware F46B0C39FCFDF4C0426C9276A2BB48C6 Check If Someone Requested the C2 Containment Add Artifacts End Details EventID: 21 Event Time: Oct. 20, …

LetsDefend level 1 alert SOC102 - Proxy - Suspicious URL Detected event-id 22

Details playbook Search Log Analyze URL Address Destination IP 35.189.10.17 Suspicious URL: http[:]//stylefix[.]co/guillotine-cross/CTRNOQ/ Has Anyone Accessed IP/URL/Domain? Containment Add Artifacts End Details EventID: 22 Event Time: Oct.…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 24

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment Attachments 1ceda3ccc4e450088204e23409904fa8 Check If Mail Delivered to User? Add Artifacts End Details EventID: 24 Event Time: Oct. 25, 2020, 9:32 p.m. Ru…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 25

Details Source 157.230.109.166 playbook Are there attachments or URLs in the email? Analyze Url/Attachment Attachments 5a3de19f198269947bb509152678b7d2 Check If Mail Delivered to User? Add Artifacts End Details EventID: 25 Event Time: Oct.…

LetsDefend level 1 alert SOC102 - Proxy - Suspicious URL Detected event-id 26

Details playbook Analyze URL Address 217.8.117.7 http[:]//jamesrlongacre.ac[.]ug/ac.exe User Agent: Firewall Test - Dont Block <- ???? Has Anyone Accessed IP/URL/Domain? Add Artifacts End Details EventID: 26 Event Time: Oct. 29, 2020, 7:05…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 27

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment Sender IP 146.56.209.252 Sender Domain zol.co[.]zw Mail URL link: https[:]//hredoybangladesh[.]com/content/docs/wvoiha4vd1aqty/ hredoybangladesh[.]com Chec…

LetsDefend level 1 alert SOC105 - Requested T.I. URL address event-id 28

Details playbook Analyze Threat Intel Data http[:]//115.99.150.132:56841/Mozi.m Download file Mozi.m Interaction with TI data Log search Add Artifacts End Details EventID: 28 Event Time: Oct. 29, 2020, 7:34 p.m. Rule: SOC105 - Requested T.…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 29

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment Check If Mail Delivered to User? Add Artifacts End Details EventID: 29 Event Time: Oct. 29, 2020, 7:43 p.m. Rule: SOC101 - Phishing Mail Detected Level: Se…

BTLO Challenge Suspicious USB Stick(Retired Challenge) write up

BTLO Challenge Suspicious USB Stick(Retired Challenge) Scenario Challenge Submission 1. What file is the autorun.inf running? (3 points) 2. Does the pdf file pass virustotal scan? (No malicious results returned) (2 points) 3. Does the file…

BTLO Challenge Memory Analysis - Ransomware(Retired Challenge) write up

I started BTLO. On this service you can learn practical Blue Team (defensive) skills by working through prepared files and scenarios. There are Investigations, where an environment is provided, and Challenges, where you are given files to analyze. Under the service's terms, Retired and …

LetsDefend level 1 alert SOC104 - Malware Detected event-id 31

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware cdde99520664ac313d43964620019c61 Endpoint - JohnComputer Process History Logsearch Check If Someone Requested the C2 Containment Add Artif…

LetsDefend level 1 alert SOC102 - Proxy - Suspicious URL Detected event-id 32

Details playbook Search Log Analyze URL Address https[:]//encrypted-tbn0.gstatic[.]com/images?q=tbn:ANd9GcSjESkzn2LUxELhnqZZWBbmGwtbqfFsaemB9w&usqp=CAU encrypted-tbn0.gstatic[.]com 172.217.17.174 Add Artifacts End Details EventID: 32 Event…

LetsDefend level 1 alert SOC104 - Malware Detected event-id 36

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware f83fb9ce6a83da58b20685c1d7e1e546 Log Search 92.63.8.47 Check If Someone Requested the C2 Containment Add Artifacts End Details EventID: 36…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 34

Details playbook Are there attachments or URLs in the email? Analyze Url/Attachment http[:]//bit.ly/3ecXem52 netflix-payments.com 112.85.42.180 Check If Mail Delivered to User? Check If Someone Opened the Malicios File/URL? Add Artifacts E…

LetsDefend level 1 alert SOC102 - Proxy - Suspicious URL Detected event-id 35

Details playbook Search Log Analyze URL Address 66.198.240.56 http[:]//interalliance.org/ https[:]//interalliance.org/come2/holme/folde/swiftcopy.ps1 Has Anyone Accessed IP/URL/Domain? Containment Endpoint - Aldo(172.16.17.51) Process Hist…

LetsDefend level 1 alert SOC109 - Emotet Malware Detected event-id 39

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware eee99e6d8ade9463dd206dfbad3485ea http[:]//decpak.com/cgi-bin/gU/ Check If Someone Requested the C2 Log search - 172.16.17.83 330 331 332 C…

LetsDefend level 1 alert SOC108 - Malicious Remote Access Software Detected event-id 38

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Analyze Malware ff6bbddc34cbd33e2501872b97c4bacd Log search - 172.16.17.33 328 329 Add Artifacts End Details EventID: 38 Event Time: Jan. 1, 2021, 5:36 p.…

LetsDefend level 1 alert SOC110 - Proxy - Cryptojacking Detected event-id 40

Details playbook Search Log 333 Analyze URL Address https[:]//bit.ly/3hNuByx Add Artifacts End Details EventID: 40 Event Time: Jan. 2, 2021, 4:33 a.m. Rule: SOC110 - Proxy - Cryptojacking Detected Level: Security Analyst Source Address 172…

LetsDefend level 1 alert SOC101 - Phishing Mail Detected event-id 41

Details mail playbook Are there attachments or URLs in the email? Analyze Url/Attachment 9ed9ad87a1564fbb5e1b652b3e7148c8.zip Check If Mail Delivered to User? Add Artifacts 104.140.188.46 cashbank[.]com Log search - 104.140.188.46 End Deta…

LetsDefend level 1 alert SOC111 - Traffic to Malware Domain event-id 42

Details playbook Search Log 45.80.181.51 casinos-hub[.]com Log search - 45.80.181.51 Analyze URL Address Has Anyone Accessed IP/URL/Domain? Add Artifacts Endpoint - BellaPRD End Details EventID: 42 Event Time: Jan. 30, 2021, 5:25 p.m. Rule…

LetsDefend level 1 alert SOC112 - Traffic to Blacklisted IP event-id 43

Details playbook Search Log 193.239.147.32 Log search 193.239.147.32 Analyze URL Address http[:]//193.239.147.32/OBBBOP.exe OBBOP.exe Has Anyone Accessed IP/URL/Domain? Containment Endpoint - Jack(172.16.17.21) Browser History CMD History …

LetsDefend level 1 alert SOC113 - Suspicious hh.exe Usage event-id 44

Details playbook Define Threat Indicator Check if the malware is quarantined/cleaned Endpoint - BillPRD CMD History Analyze Malware WinRAR.chm Add Artifacts End Details EventID: 44 Event Time: Jan. 31, 2021, 4:59 p.m. Rule: SOC113 - Suspic…