Rahim Sharifov | LetsDefend.io Exercise Wrap-up | LetsDefend.io EventID: 94 Write-Up SSH scan activity | May 28, 2022
Rahim Sharifov | LetsDefend.io EventID: 94 Write-Up SSH scan activity | In this exercise, an alert was triggered by rule SOC147 — SSH Scan activity. This alert triggers when a machine tries to scan the network. | May 28, 2022
Rahim Sharifov | LetsDefend.io EventID: 87 Write-up Phishing mail detected | In this exercise, an alert was triggered by rule SOC101 - Phishing mail detected. | May 28, 2022
Rahim Sharifov | LetsDefend.io EventID: 90 Write-up Password stealer detected | In EventID: 90, an alert was triggered based on rule SOC143 - Password Stealer Detected | May 28, 2022
Rahim Sharifov | LetsDefend.io EventID: 93 Write-Up Phishing mail detected Excel 4.0 macros | In this blue team exercise, an alert was triggered with rule name SOC146 Phishing mail detected Excel 4.0 macros. If we look at the expanded… | May 27, 2022
Rahim Sharifov | LetsDefend.io EventID: 115 Write-Up Possible SQL Injection payload detected | In this write-up we will go through the LetsDefend.io exercise with EventID: 115, in which an alert was triggered by the rule SOC165 - Possible SQL… | May 27, 2022
Rahim Sharifov | LetsDefend.io EventID: 116 Write-Up Javascript Code Detected in Requested URL | In this write-up we will analyze the blue team exercise with EventID: 116, in which an alert was triggered stating Javascript Code Detected in… | May 27, 2022
Rahim Sharifov | LetsDefend.io EventID: 117 Write-Up LS Command Detected in Requested URL | The blue team exercise in LetsDefend.io for EventID: 117 is a case where an alert was triggered based on rule SOC167 — LS command detected in… | May 26, 2022
Rahim Sharifov | LetsDefend.io EventID: 118 Write-Up Whoami Command Detected in Request Body | In this write-up we will explore the blue team exercise in LetsDefend.io EventID: 118, an alert triggered by rule SOC168-Whoami Command Detected… | May 26, 2022
Rahim Sharifov | LetsDefend.io EventID: 120 Write-up Possible LFI attack | This is a walkthrough for the blue team exercise with EventID 120 in LetsDefend.io. | May 24, 2022