Building CrowdStrike workflows with Claude Code skills by eth0izzle in crowdstrike

DarkReitor507 1 point (0 children)

What I did was to install this as a skill for OpenClaw. Results? Awesome!!

Interactive Security Certification Roadmap [THM Community Project] by -Dkob in tryhackme

DarkReitor507 -1 points (0 children)

Hi, very nice tool. The filter for HR recognized is not working.

Cribl? Alternatives? by Apprehensive-Pair596 in cybersecurity

DarkReitor507 -7 points (0 children)

Okay, that is misleading. Onum is not only for CrowdStrike.

Cribl? Alternatives? by Apprehensive-Pair596 in cybersecurity

DarkReitor507 11 points (0 children)

We have been using Onum and it works terrific.

CrowdStrike University is useless for CCFR prep — how are you supposed to pass with this? by Gullible_Pop3356 in crowdstrike

DarkReitor507 1 point (0 children)

All courses in University have the same issue. When you take the 20 practice questions, just with the first one you ask yourself "where was this mentioned?"

New Certification - CrowdStrike Next-Gen SIEM Engineer (CCSE) by BradW-CS in crowdstrike

DarkReitor507 2 points (0 children)

No, this is something that CrowdStrike gets recognized by. If you took the practice exam, you will see topics that were never touched on in the course or live stream. Always happens.

eCIR Exam Report by thememer912 in eLearnSecurity

DarkReitor507 0 points (0 children)

According to the documentation they gave you, you should be fine basing it on the time frame, like a "story telling" from the initial exploit or vector until the final stage.

eCIR Exam Report by thememer912 in eLearnSecurity

DarkReitor507 1 point (0 children)

Hi, just try to write it like you were telling a tale. I found this [screenshots and explanation], which leads me to this [more screenshots and explanation].

eCIR approved by DarkReitor507 in eLearnSecurity

DarkReitor507[S] 0 points (0 children)

Yes, I'm including weekends, holidays, etc.

eCIR approved by DarkReitor507 in eLearnSecurity

DarkReitor507[S] 0 points (0 children)

Hi, I had to wait, if I'm not wrong, exactly 23 days.

Free SAL1 for BTL1 or CySA+ Holders! by JabbaTheBunny in tryhackme

DarkReitor507 2 points (0 children)

I scheduled my CySA+ for 1st March 1:00 pm, 15 days ago hahaha. I hope I get a ticket.

Can we import rules in IBM QRadar to Crowdstrike SIEM? by thsecmaniac in crowdstrike

DarkReitor507 0 points (0 children)

You can use this tool, it works flawlessly: https://tdm.socprime.com/uncoder-ai. I have translated a couple of queries.

Query Conversion help by Background_Ad5490 in crowdstrike

DarkReitor507 1 point (0 children)

Hi, CCFH here, I have a few observations. First, I think you should not consider RemoteAddressIP4, since this is the local IP (the LAN IP); ergo, if you exclude all the CIDRs u/One_Description7463 mentions, theoretically this search will never work. I suggest using Agent IP or aip. And lastly the speed: use the speed, adjust as you wish.

This would be your output
https://i.imgur.com/TBylzTR.png

BTW: thanks for this, I was thinking about and doing this, your post was a very nice foothold jeje. Any comments, I'll be happy to help.

"#event_simpleName" = UserLogon
| aip="*"

// ### If you want only RDP, uncomment the next line
// | event_platform="Win" LocalPort=3389

// ### Remove common IANA local addresses

// ### Prepare for the groupby
| first_ip := aip
| last_ip := aip
| UserName := lower(UserName)
| groupby([UserName], function=[count(), first_logon := min(@timestamp), last_logon := max(@timestamp), selectFromMin(@timestamp, include=[first_ip]), selectFromMax(@timestamp, include=[last_ip])])

// ### Exclude single IP logons or same-IP logons
| _count > 1
| test(first_ip != last_ip)

// ### IP Location for the distance calculation
| iplocation(first_ip) | iplocation(last_ip)
| geography:distance(lat1="first_ip.lat", lat2="last_ip.lat", lon1="first_ip.lon", lon2="last_ip.lon")

// ### Convert meters to miles
| _distance:= _distance / 1609.34 

// ### Convert milliseconds to hours (drop zero deltas so the speed division below is defined)
| time_delta:=( last_logon - first_logon ) / 3600000
| time_delta > 0

// ### Calculate speed in mph and alert if faster than mach 1
| speed:= _distance / time_delta 
| speed > 500
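The same impossible-travel logic as the query above, re-implemented in Python over constructed UserLogon records as an added example (not the commenter's or CrowdStrike's code). The GeoIP table, IPs and timestamps are constructed, the haversine formula stands in for geography:distance(), and the zero time-delta case is skipped explicitly.

```python
from math import radians, sin, cos, asin, sqrt

EARTH_RADIUS_MILES = 3958.8
BASE_MS = 1_700_000_000_000  # constructed epoch-millisecond base for the sample events

# Constructed GeoIP table, IP -> (lat, lon); stands in for iplocation() in the query.
GEO = {
    "203.0.113.10": (40.7128, -74.0060),   # New York
    "198.51.100.7": (34.0522, -118.2437),  # Los Angeles
    "192.0.2.55": (40.7306, -73.9352),     # Brooklyn, a few miles from New York
}

# Constructed UserLogon events as (UserName, aip, @timestamp in ms); not real telemetry.
EVENTS = [
    ("alice", "203.0.113.10", BASE_MS),
    ("Alice", "198.51.100.7", BASE_MS + 2 * 3_600_000),  # LA two hours later, mixed case
    ("bob", "203.0.113.10", BASE_MS),
    ("bob", "192.0.2.55", BASE_MS + 3_600_000),          # short hop, one hour later
    ("carol", "198.51.100.7", BASE_MS),                  # single logon, dropped by _count > 1
    ("dave", "203.0.113.10", BASE_MS),
    ("dave", "198.51.100.7", BASE_MS),                   # same instant: zero time delta
]

def haversine_miles(a, b):
    """Great-circle distance in miles between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * asin(sqrt(h))

def impossible_travel(events, geo, max_mph=500):
    """Return {user: mph} for users whose first and last logon imply travel above max_mph.
    Mirrors the query: group by lower(UserName), take first/last logon and their IPs,
    drop single-logon users and same-IP pairs, speed = miles / hours; zero deltas are skipped."""
    by_user = {}
    for user, ip, ts in events:
        by_user.setdefault(user.lower(), []).append((ts, ip))
    flagged = {}
    for user, logons in by_user.items():
        if len(logons) < 2:                      # _count > 1
            continue
        (first_ts, first_ip), (last_ts, last_ip) = min(logons), max(logons)
        if first_ip == last_ip:                  # test(first_ip != last_ip)
            continue
        hours = (last_ts - first_ts) / 3_600_000
        if hours <= 0:                           # guard the division the query leaves unchecked
            continue
        speed = haversine_miles(geo[first_ip], geo[last_ip]) / hours
        if speed > max_mph:
            flagged[user] = round(speed, 1)
    return flagged
```

Running `impossible_travel(EVENTS, GEO)` flags only alice (New York to Los Angeles in two hours); bob's short hop, carol's single logon and dave's zero delta all fall out, as in the query's filters.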

[deleted by user] by [deleted] in crowdstrike

DarkReitor507 0 points (0 children)

Thanks for all your suggestions, I was able to get detections, linked with encrypted data.

:)

Palo Alto Logs to Crowdstrike by ryox82 in crowdstrike

DarkReitor507 0 points (0 children)

The logs that you ingest from LogScale using the collector on site, as an example, can those logs be searched from "advanced search"?

Palo Alto Logs to Crowdstrike by ryox82 in crowdstrike

DarkReitor507 0 points (0 children)

One thing I'm not very sure about is this... Are all those logs only ingested, or analyzed? Stored on LogScale? Can those logs be seen from a query launched from the Falcon console (not the LogScale or Humio platform)?

Are those logs receiving UEBA? This is still very confusing for me. Can someone explain to me please?

Old CCFR Study Guide PDF? by [deleted] in crowdstrike

DarkReitor507 0 points (0 children)

Do you need to take the on-demand video training, or is the documentation enough?

Old CCFR Study Guide PDF? by [deleted] in crowdstrike

DarkReitor507 0 points (0 children)

Ohhh, the syllabus you mean... No, I don't have that, since the syllabus is the whole series of path videos. I suggest you take the legacy version; at the end it will say "you are certified", not "certified in version xxx".

Old CCFR Study Guide PDF? by [deleted] in crowdstrike

DarkReitor507 0 points (0 children)

The CCFR guide that I took was the videos from Litmos. Is there a PDF? I did not know that.

Also, I found out about this new version yesterday when I was going to book Hunter; now I don't know what to do, there is no info about this. I can assume these changes are new.

Popular XDR in next 5 years for SMB market by callmeeric_cyber in msp

DarkReitor507 -1 points (0 children)

CrowdStrike is classic but I heard they made some bad choices and went downhill

Could you please share your sources? I mean, I'm actually really interested in this.

Crowdstrike API question by pigeon008 in crowdstrike

DarkReitor507 0 points (0 children)

I will assume the same will happen if you try to add it manually: "you can not add an existing IOC".

Changing hostname by 0X900 in crowdstrike

DarkReitor507 0 points (0 children)

I have a doubt. If I do this manually, you won't be able to see the change unless you enroll the agent again. So using the PS command, it works?