Incident Response Training, Live Forensics of Compromised Website
Continuing my Incident Response Training Series, today I will be covering Live Forensics of a Compromised Website running on Linux. So this episode is also another video in my Linux Forensics Series.
Also, I am giving away a couple of VIP Coupons for Let's Defend Lab and Blue Team Lab Online. So watch the episode to participate and grab your chance!!
👉 I will show you what was changed on the server to make the actual website unreachable and flash a bizarre message
👉 I will decode the full obfuscated code and identify the IOCs
👉 Analyze logs to identify how the attacker got into the server
👉 Run a self-made tool (Power Forensics) to capture volatile data from the server. I will make the tool open-source once I complete the full project! So stay tuned for the next episodes
👉 Analyse the volatile data to identify more traces of the attacker
So it's a full, detailed analysis of a real SOC incident with in-depth analysis. If you want to become a SOC analyst or want to work on real cyber incidents, whether you are an absolute beginner or an experienced professional, each one of you should find something in this episode in terms of learning, and also get an opportunity to earn the Forensics Certification Examination voucher!! So, watch the full episode and ROCK in SOC!!
Tools I have used in this Episode-
👉 CyberChef
👉 Volatility Memory Forensics
👉 Power Forensics
👉 SIFT Workstation
👉 ClamAV
Related Episodes-
WATCH BELOW Playlists as well, if you want to make your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------
⌚
Timelines
-------------------------------------------------------------------------------------------------------------------------
0:00 ⏩ Pretty sketchy stuff!
2:04 ⏩ Background
5:06 ⏩ What has happened
6:47 ⏩ Login to host and Start Analysis
15:55 ⏩ Decode the Malicious Code
28:40 ⏩ Analyze Access Logs
44:14 ⏩ Run Power Forensics
50:51 ⏩ Analyze Volatile Data
1:04:55 ⏩ Run ClamScan
1:06:54 ⏩ Recap Analysis
1:10:11 ⏩ Report from ClamScan
1:14:16 ⏩ Let's Summarize
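The access-log step of the walkthrough above (28:40) is the one most worth scripting, so here is an added example of that triage, not code from the episode or from the Power Forensics tool. It assumes an Apache/nginx combined-format access log; the log lines are constructed for the example, and the indicator lists (shell parameter names, PHP function names, scripted user agents, upload directories) are illustrative assumptions to be tuned to the application under investigation, not the video's IOCs. It tags each request with the indicator classes it trips, rolls the hits up per source IP with a first-seen timestamp, and lists PHP files under upload directories as the web-shell candidates to pull off disk next.

```python
"""Triage a combined-format web access log for the intrusion pattern the
episode walks through: parameter abuse, a PHP file appearing under an
upload directory, and scripted-client interaction with it.

Added example. Log lines are constructed; indicator lists are assumptions."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [12/Mar/2022:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2022:10:01:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2214 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2022:10:03:41 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1907 "-" "python-requests/2.25.1"
198.51.100.23 - - [12/Mar/2022:10:03:55 +0000] "GET /index.php?page=%3C%3Fphp%20eval(base64_decode('aWQ='))%3B HTTP/1.1" 500 0 "-" "python-requests/2.25.1"
198.51.100.23 - - [12/Mar/2022:10:04:15 +0000] "POST /wp-content/uploads/2022/03/sh3ll.php HTTP/1.1" 200 417 "-" "python-requests/2.25.1"
198.51.100.23 - - [12/Mar/2022:10:04:31 +0000] "GET /wp-content/uploads/2022/03/sh3ll.php?cmd=id HTTP/1.1" 200 133 "-" "python-requests/2.25.1"
198.51.100.23 - - [12/Mar/2022:10:05:02 +0000] "POST /wp-content/uploads/2022/03/sh3ll.php HTTP/1.1" 200 88 "-" "python-requests/2.25.1"
GARBLED LINE
192.0.2.55 - - [12/Mar/2022:10:06:10 +0000] "GET /about.html HTTP/1.1" 200 3390 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" log format.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed indicator lists; tune these to the application being investigated.
SHELL_PARAMS = {"cmd", "exec", "command", "c", "eval", "code"}
SHELL_FUNCS = ("eval(", "base64_decode(", "system(", "passthru(", "shell_exec(")
SCRIPTED_UA = ("python-requests", "curl/", "wget/", "sqlmap", "nikto", "go-http-client")
UPLOAD_DIRS = ("/uploads/", "/upload/", "/tmp/", "/cache/")


def parse_line(line):
    """Parse one combined-format line into a dict; None if it does not parse.
    Unparseable lines are worth counting: truncation or tampering shows up here."""
    m = COMBINED_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec["target"].partition("?")
    rec["path"] = unquote(path)          # decode %xx so traversal/PHP code is visible
    rec["query"] = unquote(query)
    rec["params"] = {kv.split("=", 1)[0].lower() for kv in rec["query"].split("&") if kv}
    return rec


def indicators(rec):
    """Return the list of indicator classes a parsed request trips."""
    tags = []
    target = (rec["path"] + "?" + rec["query"]).lower()
    if "../" in target or "..\\" in target:
        tags.append("path-traversal")
    if rec["params"] & SHELL_PARAMS:
        tags.append("shell-parameter")
    if any(f in target for f in SHELL_FUNCS):
        tags.append("php-function-in-request")
    if rec["path"].lower().endswith(".php") and any(d in rec["path"].lower() for d in UPLOAD_DIRS):
        tags.append("php-under-upload-dir")
    if any(s in rec["ua"].lower() for s in SCRIPTED_UA):
        tags.append("scripted-client")
    return tags


def triage(log_text):
    """Single pass over the log: flagged hits in log order, per-IP summary for
    IPs that tripped anything, web-shell candidates, and the unparsed count."""
    hits, unparsed = [], 0
    by_ip = defaultdict(lambda: {"requests": 0, "first_seen": None, "tags": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        summ = by_ip[rec["ip"]]
        summ["requests"] += 1
        summ["first_seen"] = summ["first_seen"] or rec["ts"]
        tags = indicators(rec)
        if tags:
            summ["tags"].update(tags)
            hits.append({"ts": rec["ts"], "ip": rec["ip"], "method": rec["method"],
                         "path": rec["path"], "query": rec["query"],
                         "status": rec["status"], "tags": tags})
    attacker_ips = {ip: s for ip, s in by_ip.items() if s["tags"]}
    webshells = sorted({h["path"] for h in hits if "php-under-upload-dir" in h["tags"]})
    return {"hits": hits, "attacker_ips": attacker_ips,
            "webshell_candidates": webshells, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_ACCESS_LOG)
    for h in result["hits"]:
        print(h["ts"], h["ip"], h["method"], h["path"], h["status"], ",".join(h["tags"]))
    for ip, s in result["attacker_ips"].items():
        print(f"IOC source {ip}: first seen {s['first_seen']}, {s['requests']} requests, {sorted(s['tags'])}")
    print("web-shell candidates to acquire:", result["webshell_candidates"])
    print("unparsed lines:", result["unparsed"])
```

On the constructed sample this narrows the intrusion to one source address, a first-seen time to anchor the timeline, and one PHP file under the uploads directory to hash, copy off and decode (the CyberChef step at 15:55). Run it against the real log with the server's timezone in mind, and treat the unparsed count as a finding in itself rather than noise.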
📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ Twitter: @blackperl_dfir
SUPPORT BLACKPERL
-------------------------------------------------------------------------------------------------------------------------
╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗
║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣
╠╗║╚╝║║╠╗║╚╣║║║║║═╣
╚═╩══╩═╩═╩═╩╝╚╩═╩═╝
➡️ SUBSCRIBE, Share, Like, Comment
-------------------------------------------------------------------------------------------------------------------------
🙏 Thanks for watching!! Be CyberAware!! 🤞