Posts tagged: blue
6 posts
HTB Sherlock - MangoBleed
DFIR analysis of a compromised MongoDB server to investigate MangoBleed vulnerability exploitation, identify attacker activity, and perform rapid triage analysis of collected artifacts.
HTB Sherlock - Unit 42: Sysmon Log Analysis & UltraVNC Intrusion Detection
DFIR analysis of Sysmon logs to detect and investigate an UltraVNC-based intrusion campaign, focusing on file creation events, process execution, and network indicators.
ISM-0534 Implementation Guide: Disabling Unused Physical Ports
ISM-0534 implementation guide: Disable unused physical ports on network devices. Complete configuration guidance for switches, routers, and network infrastructure. Step-by-step instructions for blue team security implementation and compliance.
Alternate Data Streams
A comprehensive guide to NTFS Alternate Data Streams (ADS), covering exploitation techniques, detection methods, and blue team strategies. Learn how attackers hide malicious payloads and how defenders can identify and mitigate these stealthy techniques.
ISM-0657 Implementation Guide
ISM-0657 implementation guide: scanning manually imported data for malicious content. Implementation guidance, requirements, and testing procedures for this ISM cybersecurity control and for data security scanning in blue team operations.
Windows Event ID 4624: Successful Logon Analysis
Windows Event ID 4624 guide: complete analysis of successful logon events, logon types (interactive, network, RDP), security monitoring, and blue team detection techniques for Windows authentication events.