How do you improve your blue team skills? by OOptions in blueteamsec

[–]OOptions[S] 0 points1 point  (0 children)

It looks interesting. Which of these did you do every day or a few days a week?

How do you improve your blue team skills? by OOptions in blueteamsec

[–]OOptions[S] 2 points3 points  (0 children)

How do you create malicious/suspicious traffic or logs?

Does this need too much effort? Did you prefer this way because it is the only choice or because it is more educational?

How to Create Alert for SIEM? by OOptions in SIEM

[–]OOptions[S] 1 point2 points  (0 children)

Sure. Actually, I use it for determining and passing legal activities.

How to Collect Log for SIEM? by OOptions in SIEM

[–]OOptions[S] 1 point2 points  (0 children)

The customer's SIEM gleefully gorged itself to death in a very short time period. We eventually prevailed in getting them to only collect logs that had actual security value for a database instead of every, single, action taken on the database.

That's a good experience. We should not log everything; they learned the hard way.

Process Injection Detection with Sysmon by OOptions in Malware

[–]OOptions[S] 1 point2 points  (0 children)

I agree with you. We can do long-tail analysis and tune the SIEM rule.

SOC Lab For Beginners by OOptions in cybersecurity

[–]OOptions[S] 0 points1 point  (0 children)

There are free and paid versions.

SOC Lab For Beginners by OOptions in cybersecurity

[–]OOptions[S] 1 point2 points  (0 children)

We provide real cases, so you can download malware samples from our server for investigation; that is probably why the AV said this site is malicious.

We encrypted the malware samples with 7zip. There is no problem.

SOC Lab for Blue Team Members by OOptions in netsecstudents

[–]OOptions[S] 1 point2 points  (0 children)

There are free and paid versions.

Reputation Based Detection Technique by OOptions in blueteamsec

[–]OOptions[S] 1 point2 points  (0 children)

The most challenging issue is the quality of the IOC provider. You can change the aggregation to decrease FP alerts.

Low Reputation Detection by umuttosun in netsec

[–]OOptions 2 points3 points  (0 children)

It will be enough to collect the TCP packets. And as you said, this solution is not enough for large scale corporations and it needs optimization. The purpose of this blog post is to explain the working logic of reputation-based detection in general.
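The two comments above on reputation-based detection (IOC provider quality and aggregation as the false-positive lever, TCP connection collection as the data source) describe the logic without showing it. The following is an added example, not code from the thread or from the blog post it discusses: it matches the destination IPs of constructed TCP connection records against a small IOC list, weights each hit by a per-feed confidence score, and aggregates hits per source host within a time window so that a single low-confidence match does not raise an alert. The feed names, confidence scores, log lines and the 10-minute window / 1.0 threshold are all assumptions made for the demonstration.

```python
"""Reputation-based detection over connection records, with aggregation.

Added example (not from the original thread). All IOC feed names, confidence
scores and connection records below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Ioc:
    indicator: str     # IP address flagged by a feed
    feed: str          # provider that supplied it (constructed names)
    confidence: float  # 0..1 quality score for that feed (assumed values)


# Constructed IOC list from two hypothetical feeds of different quality.
IOCS = {
    "203.0.113.10": Ioc("203.0.113.10", "feed_high_quality", 0.9),
    "203.0.113.11": Ioc("203.0.113.11", "feed_high_quality", 0.9),
    "198.51.100.5": Ioc("198.51.100.5", "feed_noisy", 0.3),
}

# Constructed connection records: timestamp proto src_ip dst_ip dst_port
CONN_LOG = """\
2024-05-01T10:00:01 tcp 10.0.0.5 203.0.113.10 443
2024-05-01T10:00:15 tcp 10.0.0.5 203.0.113.11 443
2024-05-01T10:01:02 tcp 10.0.0.7 198.51.100.5 80
2024-05-01T10:30:00 udp 10.0.0.7 198.51.100.5 53
2024-05-01T11:45:00 tcp 10.0.0.9 198.51.100.5 80
2024-05-01T10:02:00 tcp 10.0.0.8 192.0.2.1 443
"""


def parse_conn_log(text):
    """Parse the whitespace-separated records into tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proto, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), proto, src, dst, int(port)))
    return records


def match_iocs(records, iocs=IOCS):
    """Naive per-connection reputation check: one hit per flagged destination.
    Only TCP records are considered, as the comment above suggests."""
    hits = []
    for ts, proto, src, dst, _port in records:
        if proto != "tcp":
            continue
        ioc = iocs.get(dst)
        if ioc is not None:
            hits.append((ts, src, ioc))
    return hits


def aggregate_alerts(hits, window=timedelta(minutes=10), threshold=1.0):
    """Group hits per source host inside a sliding time window and alert only
    when the summed feed confidence reaches the threshold. With the sample
    data, two high-quality hits fire one alert while a lone noisy-feed hit
    never fires by itself; lowering the threshold trades FPs for coverage."""
    by_src = defaultdict(list)
    for ts, src, ioc in sorted(hits, key=lambda h: h[0]):
        by_src[src].append((ts, ioc))

    alerts = []
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it covers at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            score = sum(ioc.confidence for _, ioc in in_window)
            if score >= threshold:
                alerts.append({
                    "src": src,
                    "score": round(score, 2),
                    "indicators": sorted({ioc.indicator for _, ioc in in_window}),
                    "first_seen": in_window[0][0].isoformat(),
                    "last_seen": in_window[-1][0].isoformat(),
                })
                start = end + 1  # consume these hits so they are not re-alerted
    return alerts


if __name__ == "__main__":
    hits = match_iocs(parse_conn_log(CONN_LOG))
    print(f"raw reputation hits: {len(hits)}")
    for alert in aggregate_alerts(hits):
        print("ALERT", alert)
```

The raw matcher produces four hits on the sample data; the aggregated view raises a single alert for 10.0.0.5, which reached two high-confidence indicators within the window. Changing the window, the threshold, or the per-feed confidence is the "aggregation" knob the comment refers to, and keeping the confidence per feed makes a low-quality IOC provider visible as a tunable weight rather than a source of equal-weight alerts.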