First off, thanks for showing this John. You were actually one of the first people I started watching in my IT career years ago when you were focused primarily on Python videos. Like you, I have since grown in my career and am now working in DFIR and also enrolled in SANS Incident Response Graduate Certificate program. I perform individual host-based forensics, large-scale multi-host multi-server ransomware compromise investigations, and everything in between. I've considered starting a UA-cam channel focused on DFIR and showing beginning to end investigations (acquiring evidence from physical machines, imaging, various log analysis, network analysis, host-based forensics, investigation methodologies, reporting, etc.). If this is something your audience would like, I would love a 'Like' and will begin putting together a series for viewers.
I would be first in line to watch as I am just completing a four year degree in cybersecurity itself, getting the real world practice out there is invaluable.
John, you’re way too good for this community! Every day I watch your videos and try to grasp everything you teach but it’s difficult to keep up with the plethora of information you are giving out 😂😂 we really do appreciate all your hard work, thanks for all the opportunities you’ve given us to grow and learn!
Just finished my first week of my first job in cyber as a Security Analyst. Thank you for everything you do John, thanks to you, this knowledge is readily available in a digestible way.
Is amazing, thanks for sharing. What I don't understand is that you need to have Wireshark all the time monitoring the traffic to get that info? Or how you make those pcaps in a real environment?
Don't know if you have heard but Toronto Public Library was hacked so bad that even their printers/scanners can't be used. It seems like entire back end was destroyed/deleted.
@johnhammond my man! thats the right energy and natural tone (so rare nowadays with all the hypee youtubers)!! have you ever played with polarizing filters for the reflections in your glasses? you would be amazed!
Decent firewalls do this (but only for traffic hitting the gateway). LAN traffic would be more difficult to capture. You can set up a monitoring port on a network switch so you can monitor all traffic going to and from selected ports on that switch, but quickly bandwidth gets eaten up by the amount of data so you'd need quite a chunky NIC. 48x1Gb for client machines, and then 1x50Gb for your server, sort of thing. Dark trace takes this further with more advanced machine learning software for threat detection.
Hey, I know that its hard to reply for comments but I have a question I have my google ID and password but I couldn't sign in into my account I have no 2fa enabled, no recovery phone or email in my account When I try to login it says, to login from device I logged in earlier (not available),sign in from same network(which isn't also available) What to do
There is a lot of data on the web from the WEF and UN, along with their brainwashed useful idiots, that states humans are a plague on the Earth. The first group the AI will wipe out is white people since that's all you hear about on MSM. White people has also been redefined to mean anyone who disagrees with the agenda. It will also see that men are bad and oppressing women but humans don't know what a women is, yet they know that men can be women too. The AI will be confused by our own stupidity. Ironically, it might be what keeps us from getting exterminated. 🤔
According to the WEF, hacking now consists of "misinformation". If you post a comment saying "men can NOT get pregnant", you have just "hacked" something and are now an international, cyber criminal terrorist. It's in their new 16 page report. They say it's for your "safety".
Lmao!!!! Well played on the word.exe. The word.exe for famous because there was a known counter strike player name forsaken who got caught cheating using word.exe.
First off, thanks for showing this John. You were actually one of the first people I started watching in my IT career years ago when you were focused primarily on Python videos. Like you, I have since grown in my career and am now working in DFIR and also enrolled in SANS Incident Response Graduate Certificate program. I perform individual host-based forensics, large-scale multi-host multi-server ransomware compromise investigations, and everything in between. I've considered starting a UA-cam channel focused on DFIR and showing beginning to end investigations (acquiring evidence from physical machines, imaging, various log analysis, network analysis, host-based forensics, investigation methodologies, reporting, etc.). If this is something your audience would like, I would love a 'Like' and will begin putting together a series for viewers.
I would love to watch this if you ever get the time to make it 😊
I would be first in line to watch as I am just completing a four year degree in cybersecurity itself, getting the real world practice out there is invaluable.
ain't readin allat
John, you’re way too good for this community! Every day I watch your videos and try to grasp everything you teach but it’s difficult to keep up with the plethora of information you are giving out 😂😂 we really do appreciate all your hard work, thanks for all the opportunities you’ve given us to grow and learn!
Just finished my first week of my first job in cyber as a Security Analyst. Thank you for everything you do John, thanks to you, this knowledge is readily available in a digestible way.
Is amazing, thanks for sharing. What I don't understand is that you need to have Wireshark all the time monitoring the traffic to get that info? Or how you make those pcaps in a real environment?
I'm just over here taking notes on how to UA-cam. Love your channel!
big fan here from Ethiopia keep up the content🥰
Here From Nepal!😊
Here from Poland
Don't know if you have heard but Toronto Public Library was hacked so bad that even their printers/scanners can't be used. It seems like entire back end was destroyed/deleted.
Seriously? Do you have source I could check out by any chance
Thanks John. We need more of this or malware analysis videos
The number of environments I come across where literally no security baselining has been carried out is simply staggering.
05:59 why does office macro have capability to do stuff outside document like spawn process, read and write files?
awesome to see some incident response videos hoping to see some more of these
@johnhammond my man! thats the right energy and natural tone (so rare nowadays with all the hypee youtubers)!!
have you ever played with polarizing filters for the reflections in your glasses? you would be amazed!
Thanks for sharing and let us learn . Very well explained and clear.
this win11 taskbar is a perfect example of why it was put on the left in the first place :P
Excellent video as always! Loving the blue team content on the channel!
I love your teaching methods 😍😍
There's no link to the lab in the description currently.
Sorry, fixed! jh.live/logs-ir
It was a really amazing video, we need more of these.
Pause to shift gears 15:33
Is it normal for a network to be capturing wireshark during normal use? Or is this supposed to have been run per hack but before cleanup?
Decent firewalls do this (but only for traffic hitting the gateway). LAN traffic would be more difficult to capture. You can set up a monitoring port on a network switch so you can monitor all traffic going to and from selected ports on that switch, but quickly bandwidth gets eaten up by the amount of data so you'd need quite a chunky NIC. 48x1Gb for client machines, and then 1x50Gb for your server, sort of thing. Dark trace takes this further with more advanced machine learning software for threat detection.
@@chuckhayes8320 thanks that was kind of my thinking that’s a lot of data to be capturing seems something only big orgs would have budget for?
Well not many companies do pcap to workstations. Too much data.
Thank you so much. This is great.
Big fan of you boss❤❤
15:33 poor John forgot to cut it out
17:27 too
so where is the link to poisoning the well? i dont see it via browser
As noted by a couple of commenters below, there does not seem to be a link to the labs in the description...
Thanks for adding the link.
Great video, well made and dictated!
why not open the CSV in excel or something?
Hi John why did you use a vm for this ?
Hello John, Thanks for the video. There is no link in description.
Apologies, I've added it now.
@@_JohnHammond That's quick. Really appreciate for sharing your knowledge. Thank you very much.
thank, awesome!
yeah no link in description
I thought I was the only one, but yeah, no link. Thought I might have fallen on my head...
Sorry, added now! jh.live/logs-ir
Do you have courses?
What are the differences between Antisyphon training vs try hack me? Would they complement each other?
Of course, only if you're really interested in cyber security
Definitely am ;),
But if someone would chose one in between these two, which one would be best?
Nmap is among the stuff? Might give it a shot.
How often are the logs actually available and not wiped?
That is why you have them on a Syslog Server that is not connected to the Domain...
Hey, I know that its hard to reply for comments but I have a question
I have my google ID and password but I couldn't sign in into my account
I have no 2fa enabled, no recovery phone or email in my account
When I try to login it says, to login from device I logged in earlier (not available),sign in from same network(which isn't also available)
What to do
why don't you make a video about Sysmon???
Where can I find more Incident Response labs? Free labs
can you make a tutorial how to get on onion center the search engine?? please
*Nostalgia intensifies*
The day will come when someone asks the AI to fix our security problems, and it eliminates all the humans....
There is a lot of data on the web from the WEF and UN, along with their brainwashed useful idiots, that states humans are a plague on the Earth. The first group the AI will wipe out is white people since that's all you hear about on MSM. White people has also been redefined to mean anyone who disagrees with the agenda. It will also see that men are bad and oppressing women but humans don't know what a women is, yet they know that men can be women too. The AI will be confused by our own stupidity. Ironically, it might be what keeps us from getting exterminated. 🤔
how gta 6 got hacked , can you explain ?
I don't understand anything here
Love from india ❤
wtf is this click bait. be transparent in your title: this is not real
Make An rev eng of an ITP crypto scam app please. :-)
hi
I wonder which company got hacked😂
its obviously in the video.
According to the WEF, hacking now consists of "misinformation". If you post a comment saying "men can NOT get pregnant", you have just "hacked" something and are now an international, cyber criminal terrorist. It's in their new 16 page report. They say it's for your "safety".
👍
DISH, duh. Lulz
⭐️⭐️⭐️⭐️⭐️
First, 22 seconds ago?
comment
script kiddie stuff
Lmao!!!! Well played on the word.exe. The word.exe for famous because there was a known counter strike player name forsaken who got caught cheating using word.exe.
HACKERATO LEDGER