In this writeup we will be analyzing a email to determine whether it was a phishing attempt or not. We will only use a mail client(You can use any you like) and avail Threat intel platforms like virustotal and cisco talos intelligence Scenario Your email address has been leaked and you…

Today i will be solving printnightmare challenge in which we are provided with network capture and an memory image to analyse. We will use Brim and Redline to uncover exploitation of CVE-2021–34527 in internal network. This challenge is available for free on letsdefend platform. We have a document giving instructions…

Hello Blue teamers and Red Teamers. In this post , we will be analyzing some apache access logs to uncover asset discovery, login brute force and web rce . Then we will uncover how attacker maintained his/her presence in the environment and which IP’s are associated with the threat actor. Analysis …

Hello Blue Teamers . I created Another Challenge on Letsdefend platform. This challenge is about Windows Forensics and how to parse and analyze various important artifacts to determine full cyber kill chain , from delivery to Lateral movement Scenario Investigation We have a disk image of extension ad1. We would first need…

We have an Incident related to Log4j activities escalated by L1 Analyst. Vulnerability Log4j2 versions 2.0-beta9 through 2.15.0 (excluding 2.12.x after 2.12.1) are vulnerable to remote code execution using its LDAP (Lightweight Directory Access Protocol) JNDI parser. An attacker who can control log messages or log message parameters can execute arbitrary…

This is just a short writeup showcasing event logs analysis Attack Simulation : We will create a compromise scenario. A Metasploit reverse shell executable will be run on the victim endpoint and a reverse shell will be gained on the attacker machine . We will then escalate our privileges to nt authority we start…

Hi guys, i made this windows memory forensics challenge which was published on letsdefend. I am writing this writeup in the intended way to solve the challenge using volatility 3. We will learn to analyse windows processes and find hidden malware among the processes. We will go through full memory…

Lets defend is a platform for blue team training and Practical labs. It has a built-in simulated SOC environment. It has log management, endpoint management, alerts dashboard, SOC playbooks etc. Today i am going to solve incident response level alerts, escalated to L2 SOC by Security analysts L1. Please note…

Hi folks. Today we will be learning a bit about follina Zero-day, and i am doing the follina challenge from blueteamlabsonline I first understood why this vulnerability exists and its inner workings of it from this blog https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug Key takeaways from the blog are: 1) the First payload must be…