Blue Team SOC Real World Case Studies | Complete Walkthrough | TryHackMe Boogeyman 1,2,3
The video provides a walkthrough of analyzing three different cyberattack scenarios where phishing emails were the initial entry point. It highlights real-world case studies for SOC analysts and threat hunters by solving the three TryHackMe Boogeyman challenges that are part of the SOC Level 1 capstone.

Writeup: https://motasem-notes.net/blue-team-s...

0:00 - Introduction to Three Attack Scenarios
0:11 - Scenario 1: Phishing Email with Windows Shortcut Attachment
0:39 - Scenario 2: Phishing with Word Document and VBA Macro
1:04 - Scenario 3: HTML Application (HTA) Attack
1:17 - Start of Scenario 1: Phishing Email Analysis
1:54 - Artifacts Collected for Analysis
2:44 - Viewing Phishing Email Attachment
3:53 - Extracting and Analyzing the ZIP Attachment
4:35 - Investigating the Windows Shortcut (LNK) File
5:13 - Using LinkParser to Extract Shortcut Contents
5:38 - Decoding Base64 PowerShell Command
6:27 - Identifying Command and Control (C2) Server
7:03 - Analyzing Phishing Email Header for DKIM Signature
8:14 - Viewing Email Header Using Thunderbird
9:02 - Answering Questions About Phishing Email Analysis
10:04 - Extracting and Analyzing the PCAP File
10:42 - Using JQ to Extract Data from PowerShell Logs
12:15 - Extracting Script Block Text from PowerShell Logs
13:18 - Analyzing Commands Executed by the Phishing Attachment
14:10 - Attacker's Use of KeePass File and Seatbelt Tool
15:15 - Detecting Data Exfiltration via DNS Protocol
17:03 - Analyzing Attacker's Use of Hex Encoding for Data Exfiltration
18:07 - Microsoft Sticky Notes Data Extraction and SQL Database Access
19:11 - Scenario 2: Investigating C2 Server Using Wireshark
19:52 - Uncovering C2 Server's File Hosting Setup
21:36 - Discovering C2 Server's Use of POST Requests for Data Exfiltration
22:05 - Answering Questions on Data Exfiltration and Attack Tools
23:18 - Investigating Attacker's Use of SQL Commands
24:13 - Decoding Exfiltrated Data to Extract Passwords
25:25 - Accessing Password-Protected Database
26:04 - Extracting Credit Card Data from the Exfiltrated File
31:03 - Introduction to Scenario 2: Phishing Email with Malicious Document
32:35 - Using VirusTotal to Analyze Malicious Word Document
33:39 - Extracting and Analyzing VBA Macros from Word Document
34:16 - Detecting C2 Server Interaction and Stage 2 Payload