4ensiX

4ensiX

FPと言ったものはFPを選んだが表示はTPになっていることに気づいた。

2022-12-01から1ヶ月間の記事一覧

LetsDefend level 1 alert SOC165 - Possible SQL Injection Payload Detected event-id 115

LetsDefend

Details playbook Is Traffic Malicious? What Is The Attack Type? Check If It Is a Planned Test What Is the Direction of Traffic? Was the Attack Successful? Add Artifacts Do You Need Tier 2 Escalation? End Details EventID : 115 Event Time : …

#LetsDefend

LetsDefend Challenge DFIR: Port Scan Activity writeup

LetsDefend Forensics packet

LetsDefend Challenge DFIR: Port Scan Activity Question1: What is the IP address scanning the environment? 一番沢山パケットを飛ばしていそうなのが怪しい. $ tshark -r port\ scan.pcap -z conv,ip -q ============================================…