Скачать или смотреть How to Analyze Apache Logs for Attacks Using *Splunk* - (Aoc Day 15)

In Day 15 of Advent of Cyber 2025, we are jumping into Digital Forensics! A TBFC delivery drone has been acting strangely, and Splunk has detected unusual process activity. It turns out the drone's scheduler web interface is under attack!

In this video, I will show you how to use Splunk to triage the incident, analyze Apache Web Logs for malicious requests, and pivot to Sysmon logs to see exactly what commands the attacker executed on the system.

👇 IN THIS VIDEO YOU WILL LEARN:

✅ Splunk Basics: How to query logs for suspicious activity.
✅ Web Attack Analysis: Identifying Command Injection in HTTP requests.
✅ Decoding Payloads: How to spot and decrypt Base64 PowerShell strings.
✅ Sysmon Forensics: Tracing the attack from the web server to the OS shell.
✅ The Kill Chain: Reconstructing the full story of the "Drone Alone" hack.

THE CHALLENGE: The Blue Team needs our help! We must query the logs to find the IP address of the attacker, identify the malicious file they tried to run, and decode the hidden message they left behind.