Projects
Part 6 | SOC Analyst Home Labs
Part 6: Automated Yara Scanning
In this part of the lab we'll use LimaCharlie to automatically scan for the presence of malware based on YARA signatures.
About YARA
YARA is a tool primarily used for identifying and classifying malware based on textual or binary patterns. It is used to craft...
Part 5 | SOC Analyst Home Labs
Part 5: Tuning Response Rules Around False Positives
Finding False Positives
When our detection rules start creating alerts around "normal" system processes, it is an unnecessary workload for the SOC analyst. In other words, if we are getting an alert in our "Detections" list every time a legitimate service or...
Part 4 | SOC Analyst Home Labs
Part 4: Blocking Attacks
In the previous part of this lab we looked at how we can create a rule to alert us as a response to a threat. In this section of the lab we will go a bit further and create a rule to block an attack for...
Part 3 | SOC Analyst Home Labs
Part 3: Process Detection and Alert Creation
In this section of the lab, we will start with some more "Red-Team" activity to generate some more noise in LimaCharlie, and then we'll proceed with creating a rule around that event.
C2 and Memory Dumping
First we'll jump back into our C2 session...
Part 2 | SOC Analyst Home Labs
Part 2: Time for some Red-Team activities
Generating our C2 payload
First we will connect via SSH to our Ubuntu Server VM (same as shown in Part 1), from which we will initiate our "attack" on the Windows VM. Once the connection is established, we can elevate our privileges to...
Part 1 | SOC Analyst Home Labs
Part 1: Creating a small virtualization environment (2 VMs)
Install VMware Workstation Pro
For the virtualization environment we will be using VMware. For setting up this lab we will need a machine with at least 8GB of RAM, but 16GB and above is preferable as we will be running more...
How to set up Kali Linux with GUI on WSL2 (Windows 11)
This article is a quick guide to setting up Kali Linux on Windows 11 with WSL2.
What is WSL (Windows Subsystem for Linux)?
Windows Subsystem for Linux (WSL) is a feature of Windows that allows you to run a Linux environment on your Windows machine, without the need for...
UIUCTF 2024 | OSINT Challenge: CHUNKY BOI
CTF
OSINT Challenge: CHUNKY BOI
For this challenge, there was no location in the EXIF data, just as expected. Reverse image search also did not yield any results, and unfortunately, the geospy tool that proved very useful for the previous challenge did not provide any valid data for solving this one. The...
UIUCTF 2024 | OSINT Challenge: NIGHT
CTF
OSINT Challenge: NIGHT
For this challenge, my initial thought was to check the EXIF data, but the location information was removed from the metadata of the image. My second thought was to do a reverse image search of the image provided for the challenge. After spending some time scrolling through the...