Timothy Clint
SOC102 — Proxy — Suspicious URL Detected
Today I decided to take up a High severity alert which is SOC102 — Proxy — Suspicious URL Detected — Event ID 66.
Jun 20, 2022

Timothy Clint
SOC135 — Multiple FTP Connection Attempt
Today I will be working on SOC135 — Malicious File Upload Attempt — Event ID 72. This alert was triggered by multiple failed FTP logins on…
Jun 19, 2022

Timothy Clint
SOC173 — Follina 0-Day Detected
In the past weeks, the world was shocked by a new Microsoft Office zero-day vulnerability. Luckily, Letsdefend.io was fast and released a new…
Jun 8, 2022

Timothy Clint
SOC167 — LS Command Detected in Requested URL
As my first article for the month of June, I decided to investigate a High severity alert which is SOC167 — LS Command Detected in…
Jun 1, 2022

Timothy Clint
SOC163 — Suspicious Certutil.exe Usage
Today we will be investigating SOC163 — Suspicious Certutil.exe Usage — Event ID 113. This alert was triggered by the -f parameter, which means…
May 22, 2022

Timothy Clint
SOC128 — Malicious File Upload Attempt
Today I will be investigating SOC128 — Malicious File Upload Attempt — Event ID 62. This alert was triggered by an upload of a malicious…
May 14, 2022

Timothy Clint
SOC165 — Possible SQL Injection Payload Detected
As my first article for the month of May, I immediately went ahead to Letsdefend.io and picked a High severity alert on the Monitoring tab…
May 3, 2022

Timothy Clint
SOC168 — Whoami Command Detected in Request Body
It's been a while since my last post, and now I will be investigating SOC164 — Suspicious Mshta Behavior with Event ID 118. It is a High…
Apr 23, 2022

Timothy Clint
SOC134 — Suspicious WMI Activity
Today we are going to tackle this High severity alert from Letsdefend.
Apr 7, 2022

Timothy Clint
CyberDefenders — HawkEye
Today I'll be trying to finish one of the Packet Analysis challenges from CyberDefenders, as I want to use Wireshark and NetworkMiner again…
Apr 6, 2022