Скачать или смотреть Threat Hunting Tutorial- Day 7, Hunt on Network Logs, PCAP

Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses.

After sneaking in, an attacker can stealthily remain in a network for months as they quietly collect data, look for confidential material, or obtain login credentials that will allow them to move laterally across the environment.

Once an adversary is successful in evading detection and an attack has penetrated an organization’s defenses, many organizations lack the advanced detection capabilities needed to stop the advanced persistent threats from remaining in the network. That’s why threat hunting is an essential component of any defense strategy.

Today is Day7 and today we are going to hunt on PCAP and network logs.
✅Pcap Analysis With Prads. PRADS or Passive Real-time Asset Detection System can be used with digital fingerprints (PCAP's) to recognize services on the wire to map your network, letting you know what services and hosts are alive, or can be used together with your favorite IDS/IPS setup for “event to host/service” correlation.

✅Proactive Network Threat Hunting with Chaosreader, a freeware tool that traces tcp, udp etc. sessions and fetches application data from snoop or tcpdump logs. With ChaosReader you'll be able to quickly go through really large, multiple, or even worse, multiple large PCAP files.

✅Tshark is a network protocol analyzer and basically the command-line version of Wireshark. Tshark allows you to read or capture packet data from a live network or a previously saved capture file.

✅Suricata is a free and open-source, mature, fast, and robust network threat detection engine. It is capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM), and offline pcap processing. It is basically a response to snort.

⚙Tools for your Requirement
-------------------------------------------------------------------------------------------------------------------------
✅PRADS- https://github.com/gamelinux/prads
✅ChaosReader- http://chaosreader.sourceforge.net/
✅Tshark- https://www.wireshark.org/docs/man-pa...
✅Suricata- https://suricata.io/
✅JQ- https://github.com/stedolan/jq

WATCH BELOW Playlists as well, if you want to make your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------
INCIDENT RESPONSE TRAINING Full Course 👉   • BlackPerl DFIR  || INCIDENT RESPONSE TRAIN...  
DFIR Free Tools and Techniques 👉    • BlackPerl DFIR || DFIR Tools and Techniques  
Windows and Memory Forensics 👉    • BlackPerl DFIR || Windows and Memory Foren...  
Malware Analysis 👉    • BlackPerl DFIR || Malware Analysis Series  
SIEM Tutorial 👉    • BlackPerl DFIR || Learn SIEM with me & Cre...  
Threat Hunt & Threat Intelligence 👉    • BlackPerl DFIR || Threat Hunt & Threat Int...  

⌚
Timelines
-------------------------------------------------------------------------------------------------------------------------
0:00 ⏩ Introduction
0:32 ⏩ What is the Idea?
5:28 ⏩ PCAP Analysis using Prads
10:12 ⏩ PCAP Hunt using ChaosReader
14:28 ⏩ PCAP Hunt using Tshark
21:15 ⏩ PCAP Hunt using Suricata
31:42 ⏩ Summarize

📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ LinkedIn:   / blackperl  
✔ You can reach out to me personally in LinkedIn as well- https://bit.ly/38ze4L5
✔ Twitter: @blackperl_dfir
✔ Git: https://github.com/archanchoudhury
✔ Insta: (blackperl_dfir)  / blackperl_dfir  
✔ Can be reached via [email protected]