Posts

Showing posts from March, 2022

PAYTM CYBER SECURITY INTERVIEW QUESTIONS

What tools are you using?
What is EDR?
What is the difference between a VPN and a proxy?
What are the port numbers for Telnet, SSH and RDP?
What is a golden ticket?
OWASP Top 10 vulnerabilities.
SSL handshake.
After ransomware gets into a system, the attacker does some things before encrypting. What are they?
What is the logon number for RDP?
What is the cyber kill chain? Can you give examples of delivery methods and explain them?
What is MITM?
What is XSS? How do you prevent cross-site scripting? How do you know you are using proper sanitization?
What is fileless malware and file-based malware?
A) Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove.
If the AV shows no suspicious logs but a C&C connection happened, how do you detect that? What will you see in the proxy logs?
A) Date and time. · ...

Brute force attack investigation

Responsibility Index (Phase: Responsibility)
Identification: L1 Analyst (GSOC Monitoring Team)
Investigation: L2 Analyst (includes individuals from the Network Team/GSOC)
Containment: L2 Analyst (includes individuals from the Network Team/Server Team)
Remediation: L2 Analyst (includes the Network Team/Server Team/GSOC)
Recovery: L2 Analyst (includes the Network Team/Server Team/GSOC)

Brute Force Attack Procedure
Identification Stage (Stage: Source Identification): A brute force incident is reported by the Network Team, or the alert is raised by the SIEM.
Investigating Stage (Stage: Actions by the respective team): The security team checks. If the brute force attack is identified and an alert is generated via the SIEM, the parameters below are considered for investigation: source addresses of the attempts; firewall action; destination on which the brute force attem...

AV - Detected malware but not cleaned

Alert Analysis & Remediation Runbook
Use Case: AV – Malware detected but not cleaned
Table of Contents: Objective; Incident Analysis Steps; 1. Identify the context
Objective: Determine whether this malware can cause any damage on this endpoint or on other endpoints in the network.
ANALYSIS
Below are the steps to be performed in order to analyze triggered alerts.
Incident Analysis Steps
Identify the context
- Identify the IP address/host name of the asset
- Identify the AD user name/email ID associated with it, if it is an endpoint
Identify malware details
- Check the malware name that was triggered
- Identify the criticality of the malware as per the AV category (ransomware, worm, Trojan, etc.)
- Check the hash value of the file in https://www.virustotal.com and identify the criticality (also check how other AV tools classify this hash value)
- Identify the file path where it was dropped
- Identify where in the system the malware was dropped (/temp, /system32, Admin folder, etc.)
Criticali...