Absolutely amazing sir! Hats off! Best video to learn what incident handling actually means!
Thank you for your support!
You are simply the Best.
I read that in Tina Turner's voice :P
Good day! Thanks for the video! How did you upload the data? Which data? Where did you get it? Thanks
If we’re new to this how are we supposed to know acunetix is a vulnerability scanner? Remember most people here are trying to learn from scratch. I feel like this would be better if you go in with the mindset that you’re a noobie. Just my opinion
Mostly you apply OSINT as you continue to learn, everything started foggy for me until I am able to piece everything together and that's the challenge. Tryhackme and other platforms provide the leverage to piece them together compared to enrolling in courses.
I was doing this on my own when I was looking for the web host and since I wasn't sure I looked it up on Google. Whenever the information isn't handed to you you should Google it. OSINT is a big part of security operations.
It's a typical shitty THM room in which they don't explain the majority of stuff. I'm switching to HTB Academy on 1 July.
Thanks! Informative content!
Could you please share your notes with us so that we can use them during THM trainings?
Hello, notes are part of channel membership tier 2.
Details:
motasem-notes.net/cyber-security-field-notes/
Is there a way we can get your notes? They seem very good. Also, what note app is that?
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
motasem-notes.net/
32:26 you have clicked on event 1. Why did you click this one and not event 7? What is the mindset we need to investigate all of these events? Why did you choose this one?
Great work!
Thank you! Is there any way you can share your notes?
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
motasem-notes.net/
Hi, I understand IP 40.80.148.42 has more logs, so basically it could be an attacker. However, how did you find out / why could you be sure that this IP was the attacker by looking at the field? I'm looking at it but don't know what the specific things are that I need to look at. Thank you for your video lecture, it really helps me a lot.
Hello Motasem, I noticed you have a notes library with rich information. I need those; can I buy them from you?
Can I have your notes if you deem it appropriate? Please. It seems the ultimate sheet for any analyst.
Hello Sir, can you train us in Cyber Incident Response with Splunk on real-world cases with projects?
You said the attackers leveraged a vulnerability to gain access to the web server, but that's not true; the attacker actually brute-forced his way in for the initial entry.
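The field-based triage the comments above ask about (why one source IP stands out, and how its requests show scanning versus brute force), as an added example that is not from the video or the room: constructed sample HTTP events in Python, not BOTSv1 data. In Splunk the first step is the same idea, `index=botsv1 earliest=0 | stats count by src_ip | sort -count`, where earliest=0 searches all time regardless of the time picker. The field names (src_ip, method, uri, user agent), the login-path check and the thresholds are assumptions.

```python
"""Triage web-server events by source IP: who is noisiest, and what do
the user agent and request mix say about them. Sample data and field
names are constructed for this example, not taken from BOTSv1."""
from collections import Counter

# Constructed sample events: (src_ip, http_method, uri, user_agent).
# One browsing client, one scanner (Acunetix UA), one login brute-forcer.
SAMPLE_EVENTS = (
    [("203.0.113.7", "GET", "/index.php", "Mozilla/5.0"),
     ("203.0.113.7", "GET", "/about", "Mozilla/5.0")]
    + [("198.51.100.23", "GET", f"/page{i}", "Mozilla/5.0 (Acunetix)")
       for i in range(40)]
    + [("192.0.2.9", "POST", "/admin/login", "python-requests/2.x")
       for _ in range(25)]
    + [("192.0.2.9", "GET", "/admin/login", "python-requests/2.x")]
)

SCANNER_MARKERS = ("acunetix",)   # assumed UA substring for the scanner
BRUTE_FORCE_POSTS = 10            # assumed threshold of login POSTs


def events_by_ip(events):
    """Equivalent of `| stats count by src_ip | sort -count`."""
    return Counter(e[0] for e in events).most_common()


def profile_ip(events, ip):
    """Summarise one IP: distinct user agents, method mix, and how many
    POSTs hit a login path (the brute-force indicator)."""
    mine = [e for e in events if e[0] == ip]
    return {
        "count": len(mine),
        "user_agents": sorted({e[3] for e in mine}),
        "methods": dict(Counter(e[1] for e in mine)),
        "login_posts": sum(1 for e in mine
                           if e[1] == "POST" and "login" in e[2].lower()),
    }


def classify(profile):
    """Label a profile: scanner if a known scanner UA appears, brute-force
    if repeated login POSTs, otherwise benign."""
    ua = " ".join(profile["user_agents"]).lower()
    if any(m in ua for m in SCANNER_MARKERS):
        return "scanner"
    if profile["login_posts"] >= BRUTE_FORCE_POSTS:
        return "brute-force"
    return "benign"


def triage(events):
    """Top talkers first, each with its event count and label."""
    return [(ip, n, classify(profile_ip(events, ip)))
            for ip, n in events_by_ip(events)]
```

The high event count alone only makes an IP suspicious; the user agent and the POST-to-login pattern are the fields that turn it into a scanner or brute-force finding.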
When I put in index=botsv1, no events are popping up. Is there a step in the beginning I'm missing?
Did you try index=* ?
@MotasemHamdan yes, that as well. Are you putting in data sets? I tried index=“botsv1”
I wonder if anything changed with the values
@kevingardocki try changing smart mode to verbose mode, and the time setting from last 24hr to all time. You can find them in the right part of the page.
What about the time period? Changing it to "All time" might help.
@hidden9495 That's what it was for me. Changing to All Time did the trick.
Is this the reason why organizations prefer the ELK stack, because Splunk is harder to query? Haha. Do you know other query tools, Motasem, aside from Sigma? Would love to hear your suggestions. :D
Brim is a great tool to analyze network packet captures and works based on queries.
34:00 For some reason my hash value for the first log was different, and the hash value of the third log turned out to be the correct answer. Writing this comment here in case someone else gets this problem.