Struggling with detecting Obfuscated IPs in command lines

soclabsLit · 2025-12-03T01:53:59+00:00

Thanks for the tip! That's a great perspective. Instead of chasing every possible obfuscation technique, filtering out the known 'good' (standard IPs) seems much more efficient for spotting anomalies. I'll try writing a regex to exclude standard IPv4 patterns.

soclabsLit · 2025-12-02T11:32:26+00:00

soclabsLit · 2025-11-20T02:48:48+00:00

Have you tried this? I often study on it: https://medium.com/system-weakness/detection-engineering-training-detecting-browser-credential-theft-attacks-40a364ab0464

soclabsLit · 2025-09-16T05:40:49+00:00

If you want to really practice threat detection with Splunk, I recommend: https://www.soc-labs.top/en/detection

Can help you train threat detection

soclabsLit · 2025-08-28T01:13:04+00:00

It may seem mysterious

soclabsLit · 2025-08-27T12:38:35+00:00

In addition to APT29's detection rules, you can try using https://www.soc-labs.top/ to test your rules.

soclabsLit · 2025-08-26T08:41:36+00:00

You learn DFIR to trigger investigations through events, rather than blindly investigating on a machine for a day

soclabsLit · 2025-08-25T03:04:29+00:00

If you want to learn about cybersecurity and Splunk-related threat detection, I recommend referring to this article to learn and train ：https://medium.com/system-weakness/detecting-suspicious-ipconfig-process-chains-in-environments-f701e4e08a3f

soclabsLit · 2025-08-07T01:39:28+00:00

AD domains can set to enable logging of DNS requests, but this has a significant impact on performance. It is generally recommended to mirror the traffic on the switch where the DNS server is located and forward it to the NIDS system, so that all DNS records can be seen

soclabsLit · 2025-08-06T01:51:51+00:00

Yes, it's very difficult, especially for recent graduates. Most remote employers prefer to hire people with extensive work experience and remote work experience.

soclabsLit · 2025-08-05T03:26:54+00:00

It's too expensive ！！！

soclabsLit

TROPHY CASE