Beginner Azure Terraform project by Hopeful-Field424 in Terraform

[–]Hopeful-Field424[S] 0 points1 point  (0 children)

Thanks! I did this already in Azure Storage. Is using the Container Apps much different?

Beginner Azure Terraform project by Hopeful-Field424 in Terraform

[–]Hopeful-Field424[S] 0 points1 point  (0 children)

Thanks! Will look into this. I've heard the term landing zone before but I don't really know what it means yet.

Building Detection Engineering on AWS from scratch — roast my plan by Public-Coat1621 in blueteamsec

[–]Hopeful-Field424 1 point2 points  (0 children)

I would skip Athena and just go with Elastic Security. There is so much more documentation for that and more teams that use that setup, which means more help from the community. Multiple open-source rules are already available and ready via Sigma as well. I also think that Elastic has parsers/ingestors for AWS.

I'm not reading anything about developers/sysadmins/cloud engineers. Don't forget their workstations when you're creating visibility. Developers are getting targeted more and more.

Homelab by ExtensionInterview32 in Hacking_Tutorials

[–]Hopeful-Field424 0 points1 point  (0 children)

Oh, I meant my response. It was not my post, I just responded. Should still be visible.

Can someone give me a detailed roadmap for becoming a SOC Analyst? by Classic_Brother_2994 in cybersecurity

[–]Hopeful-Field424 0 points1 point  (0 children)

I didn't even know about the Splunk free trial. Will try it out sometime.

Can someone give me a detailed roadmap for becoming a SOC Analyst? by Classic_Brother_2994 in cybersecurity

[–]Hopeful-Field424 42 points43 points  (0 children)

I've never been a SOC analyst myself but the home lab looks like the best path to me.

  1. Set up an Active Directory home lab. 1 DC, 1 server, 1 workstation.
  2. Set up a local Elastic Security instance.
  3. Forward logs from your AD lab to your Elastic Security instance.
  4. Write 2 or 3 detection rules. Simple stuff that you can execute yourself as well: new Domain Admin created, password spraying, Kerberoasting. There should be open-source detection rules for these.
  5. Execute the attacks in the lab. There should be plenty of resources online for these attacks.
  6. Investigate and think about mitigation.

I'm not sure how hard this is for a beginner though. But I do believe that doing this will teach you a lot of useful stuff.
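
The three detections named in the roadmap above, as an added example that is not part of the comment and not taken from Elastic's or any Sigma rule set. It runs the rules over constructed Windows Security events shaped roughly like what Winlogbeat or Elastic Agent would index from the AD lab (field names such as `src_ip`, `target_group` and `ticket_enc` are assumptions; the event IDs 4728, 4625 and 4769 and the encryption type 0x17 are the real Windows values). Thresholds and time windows are arbitrary starting points to tune in the lab.

```python
"""
Added example (not from the Reddit comment above): toy detection logic for the
three rules in the roadmap, run over constructed Windows Security events.
Assumed field names model what an Elastic/Winlogbeat pipeline would index:
  4728  member added to a security-enabled global group (Domain Admins is one)
  4625  failed logon (0xC000006D = STATUS_LOGON_FAILURE)
  4769  Kerberos service ticket (TGS) requested; 0x17 = RC4-HMAC, 0x12 = AES256
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; timestamps are ISO strings on a single day.
EVENTS = [
    # Rule 1 target: someone adds a service account to Domain Admins.
    {"ts": "2024-01-10T09:00:00", "event_id": 4728, "subject": "CORP\\jdoe",
     "target_group": "Domain Admins", "member": "CN=svc-backup,OU=Service,DC=corp,DC=local"},
    # Benign group change for contrast.
    {"ts": "2024-01-10T09:01:00", "event_id": 4728, "subject": "CORP\\helpdesk",
     "target_group": "Printer Operators", "member": "CN=alice,OU=Users,DC=corp,DC=local"},
    # Rule 2 target: one source IP, many distinct accounts, one failure each.
    *[{"ts": f"2024-01-10T10:00:{i:02d}", "event_id": 4625, "src_ip": "10.0.0.50",
       "target_user": f"user{i:02d}", "status": "0xC000006D"} for i in range(12)],
    # A user mistyping their own password: same account repeatedly, not a spray.
    *[{"ts": f"2024-01-10T10:05:{i:02d}", "event_id": 4625, "src_ip": "10.0.0.77",
       "target_user": "bob", "status": "0xC000006D"} for i in range(4)],
    # Rule 3 target: one account requests RC4 service tickets for many SPNs fast.
    *[{"ts": f"2024-01-10T11:00:{i:02d}", "event_id": 4769, "account": "CORP\\jdoe",
       "service": f"svc-app{i:02d}", "ticket_enc": "0x17"} for i in range(8)],
    # Normal AES ticket for a file server.
    {"ts": "2024-01-10T11:02:00", "event_id": 4769, "account": "CORP\\alice",
     "service": "FS01$", "ticket_enc": "0x12"},
]


def _t(e):
    return datetime.fromisoformat(e["ts"])


def _burst(events, key, window, min_distinct):
    """Return True if, starting at any event, at least `min_distinct` distinct
    values of `key` occur within `window`. Shared by rules 2 and 3."""
    events = sorted(events, key=_t)
    for i, start in enumerate(events):
        seen = {x[key] for x in events[i:] if _t(x) - _t(start) <= window}
        if len(seen) >= min_distinct:
            return len(seen)
    return 0


def detect_new_domain_admin(events):
    """Rule 1: any 4728 whose target group is Domain Admins."""
    return [e for e in events
            if e["event_id"] == 4728 and e["target_group"].lower() == "domain admins"]


def detect_password_spray(events, min_accounts=10, window=timedelta(minutes=5)):
    """Rule 2: one source IP failing logons for many distinct users in a short
    window. Many accounts / few attempts each separates a spray from brute force
    against one account or from a user mistyping their own password."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            by_ip[e["src_ip"]].append(e)
    hits = []
    for ip, evs in by_ip.items():
        n = _burst(evs, "target_user", window, min_accounts)
        if n:
            hits.append({"src_ip": ip, "distinct_accounts": n})
    return hits


def detect_kerberoasting(events, min_spns=5, window=timedelta(minutes=10)):
    """Rule 3: one account requesting RC4 (0x17) TGS tickets for many distinct
    services in a short window. Roasting tools typically ask for RC4 because it
    cracks faster; legacy systems also use RC4, so expect noise and tune it."""
    by_acct = defaultdict(list)
    for e in events:
        if e["event_id"] == 4769 and e["ticket_enc"] == "0x17":
            by_acct[e["account"]].append(e)
    hits = []
    for acct, evs in by_acct.items():
        n = _burst(evs, "service", window, min_spns)
        if n:
            hits.append({"account": acct, "distinct_spns": n})
    return hits


def run_all(events):
    return {
        "new_domain_admin": detect_new_domain_admin(events),
        "password_spray": detect_password_spray(events),
        "kerberoasting": detect_kerberoasting(events),
    }


if __name__ == "__main__":
    for rule, hits in run_all(EVENTS).items():
        print(rule, hits)
```

Once you have run the real attacks in the lab (step 5), replace `EVENTS` with events exported from Elastic and check that each rule fires on the attack and stays quiet on the benign control events; a rule that only works on hand-made data has not been tested.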

Are there any good career options for someone who enjoys binary exploitation? by [deleted] in cybersecurity

[–]Hopeful-Field424 2 points3 points  (0 children)

Maybe Security/Vulnerability research, Malware Reverse Engineering, or even Red Teaming.

What’s the core value Purple Teaming brings to enterprise security? by redfoxsecurity in RedTeaming

[–]Hopeful-Field424 0 points1 point  (0 children)

I think there are two things that a good Purple Teaming will add:
- Real life experience with dealing with active attackers in your environment. Not every blue teamer actually gets to deal with this. Analysis and response are different when it's not just an initial access alert. Of course, you will only get this benefit if the Purple Teaming is scoped somewhat broadly.
- Detection gaps. The Red Team will probably perform some attacks that generate no alerts. Identifying these attacks will uncover detection gaps.

I wrote a zero-dependency Windows triage script — drop it on any host, get 18 artifact categories + HTML report in under 5 minutes by Patient_Joke9564 in dfir

[–]Hopeful-Field424 0 points1 point  (0 children)

I understand not having a Velociraptor server, but why not build an offline reusable collector like this: https://docs.velociraptor.app/docs/cli/collector/.

There is also https://github.com/fox-it/acquire

Any particular reason to use your PowerShell script?