Dr. Maik Ro
Training the next generation of Hackers | 💜-Team Hacker | CRTP, PNPT, eCPPTv2, BTL1, CRTO, CARTP, BTL2 (last one soon™ CRTL) | he/him
Feb 19 26 tweets 4 min read
Walkthrough 🚶🚶‍♀️🚶‍♂️ - What does all of this mean and why should I care?! In the last post I shared the screenshot above with you ⬆️

& wanted to know what you would do if you see this after an alert was triggered when a new account logged into one of the machines in your company network
Jan 25 26 tweets 6 min read
Day 2️⃣7️⃣

MITRE ATT&CK Framework for brainiacs 🧠 and other cyber stars🌟: Imagine you are a glorious SOC Analyst working on a beautiful new case after the following alert has been thrown:
Jan 15 33 tweets 7 min read
Day 2️⃣6️⃣

Detecting Brute Force attacks: Brute force attacks are very common lateral movement / initial access vectors because humans are inherently bad at remembering long complex passwords.
💡 What is the difference between brute-force, password spraying and credential stuffing?
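The three patterns the thread asks about can be told apart from the shape of the failed logons alone. The following is an added example (not code from the thread or from Dr. Maik Ro): a small classifier that buckets authentication events per source IP and time window and labels each bucket. The `ts=... src=... user=... result=...` log format, the thresholds, and the sample data are all constructed assumptions.

```python
"""Classify failed-logon bursts as brute force, password spraying or credential stuffing.

Added example for this page; the log format and thresholds are assumptions, not
from any real SIEM. The three patterns differ in the *shape* of the attempts:

  brute force          one account, many password guesses
  password spraying    many accounts, one or two guesses each, almost no successes
  credential stuffing  many accounts, one guess each (leaked pairs), noticeable success rate
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    ts: int        # epoch seconds
    src_ip: str
    user: str
    success: bool


def parse_line(line: str) -> AuthEvent:
    """Parse one constructed 'key=value' auth log line (assumed format)."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return AuthEvent(int(kv["ts"]), kv["src"], kv["user"], kv["result"] == "success")


def classify(events, window=600, bf_min_attempts=20, spray_min_users=10,
             stuffing_success_ratio=0.10):
    """Return {(src_ip, window_start): label} for every source/time bucket."""
    buckets = defaultdict(list)
    for e in events:
        buckets[(e.src_ip, e.ts // window * window)].append(e)

    labels = {}
    for key, evs in buckets.items():
        per_user = Counter(e.user for e in evs)
        successes = sum(e.success for e in evs)
        total = len(evs)
        if per_user.most_common(1)[0][1] >= bf_min_attempts:
            label = "brute_force"
        elif len(per_user) >= spray_min_users and max(per_user.values()) <= 2:
            # Sprays and stuffing look alike per user; the success ratio separates them.
            label = ("credential_stuffing"
                     if successes / total >= stuffing_success_ratio
                     else "password_spraying")
        else:
            label = "normal"
        labels[key] = label
    return labels


def build_sample_log() -> str:
    """Constructed sample data covering all four outcomes."""
    lines = []
    # 10.0.0.5: 25 guesses against one account -> brute force
    lines += [f"ts={1000 + i} src=10.0.0.5 user=alice result=fail" for i in range(25)]
    # 10.0.0.6: one guess against 12 accounts, no hits -> password spraying
    lines += [f"ts={1000 + i} src=10.0.0.6 user=user{i:02d} result=fail" for i in range(12)]
    # 10.0.0.7: 12 leaked pairs replayed, 3 of them still valid -> credential stuffing
    lines += [f"ts={1000 + i} src=10.0.0.7 user=user{i:02d} "
              f"result={'success' if i < 3 else 'fail'}" for i in range(12)]
    # 10.0.0.8: a typo followed by the correct password -> normal
    lines += ["ts=1000 src=10.0.0.8 user=bob result=fail",
              "ts=1005 src=10.0.0.8 user=bob result=success"]
    return "\n".join(lines)


def classify_sample():
    """Run the classifier over the constructed log and key the result by source IP."""
    events = [parse_line(line) for line in build_sample_log().splitlines()]
    return {ip: label for (ip, _), label in classify(events).items()}


if __name__ == "__main__":
    for ip, label in sorted(classify_sample().items()):
        print(f"{ip:10} {label}")
```

Two caveats a SOC analyst would add: real credential stuffing is usually spread over many source IPs (proxy pools), so grouping only by source IP under-counts it and you also want a view keyed on the target population; and sprays are often paced to stay under the lockout threshold, so the window may need to be hours rather than minutes.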
Jan 11 31 tweets 6 min read
Day 2️⃣5️⃣

Detecting Network Behaviour of Hackers with IDS: We oftentimes want to detect attackers based on their actions

& one tool that allows us to do just that is an Intrusion Detection System (IDS).

IDS is software that is checking network traffic on a packet level and compares it to predefined/custom rules.
Jan 8 32 tweets 4 min read
Day 2️⃣4️⃣ - How the Windows Event Log System works: During the 30 Day Practical SOC Analyst Training you have set up your local SIEM to learn more about alerts & attack detection

wanna join?!
academy.maikroservice.com/p/30-day-soc-a…
Jan 5 31 tweets 9 min read
Linux Log Files and where to find them: First up - are you ready to become a full fledged cyber professional?

Maybe even a Security Analyst or Security Operations Center Analyst?

Good - I have just the thing for you - sign up now for the bootcamp waitlist at:
maikroservice.com/waitlist
Dec 30, 2023 24 tweets 8 min read
Day 2️⃣2️⃣
How to join Computers to your Domain - Windows & Linux: Wonderful, you made it.

I was hoping you would join me for Part II of "Your HomeLab AD Domain"

You did not see Part 1?!

Look here:
Dec 30, 2023 31 tweets 12 min read
Day 2️⃣1️⃣
How to setup AD in your HomeLab: Today we try something new - for the TLDR; folks,
have a look at the visual of the thread:



This way you can have a birds-eye view first on pinterest and then come back for details once you are ready - I hope it helps. pinterest.de/pin/1065171749…
Dec 28, 2023 50 tweets 13 min read
Day 2️⃣0️⃣ of Your 30 Day SOC Analyst Journey

How to detect Windows Attacks - Kerberoasting: Kerberoasting is one of the quickest ways for an attacker to get password hashes and try to crack them to get to the passwords

It is based on a “feature” that essentially allows anyone to request a ticket (TGS) from the domain controller without knowing the users password
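Because any authenticated user can request a TGS for any SPN, the detection has to look at the pattern of requests rather than at any single one. The following is an added example, not code from the thread: it runs over constructed Windows Security event 4769 records (field names follow the real event's XML; the values, the `ts` field, thresholds and account names are made up) and flags a requester that pulls service tickets for many distinct service accounts in a short window, counting how many of them used RC4.

```python
"""Flag Kerberoasting from Windows Security event 4769 (TGS request) records.

Added example, not from the original thread. Records are constructed dictionaries
with a few 4769 fields; field names follow the event's XML but the values are made up.
Signal: one account requesting service tickets for many distinct SPNs in a short
window, especially with RC4 (TicketEncryptionType 0x17), which roasting tools
prefer because RC4 tickets crack far faster than AES ones.
"""
from collections import defaultdict
from dataclasses import dataclass

RC4_HMAC = 0x17  # TicketEncryptionType value for RC4-HMAC; 0x12 is AES256-CTS-HMAC-SHA1-96


@dataclass
class Finding:
    account: str      # requesting account (4769 TargetUserName)
    ip: str           # 4769 IpAddress
    services: list    # distinct service accounts (4769 ServiceName) requested
    rc4_count: int    # how many of those tickets were RC4


def is_roastable_target(service_name: str) -> bool:
    """User accounts with SPNs are the roasting targets; skip computer accounts ($) and krbtgt."""
    return not service_name.endswith("$") and service_name.lower() != "krbtgt"


def detect_kerberoasting(events, window=300, min_services=5):
    """Group successful 4769 records by requester, source IP and time bucket; return Findings."""
    groups = defaultdict(list)
    for e in events:
        if e["Status"] != "0x0":                      # failed requests (e.g. 0x7 unknown SPN) ignored
            continue
        if not is_roastable_target(e["ServiceName"]):
            continue
        key = (e["TargetUserName"], e["IpAddress"], e["ts"] // window * window)
        groups[key].append(e)

    findings = []
    for (account, ip, _), evs in groups.items():
        services = sorted({e["ServiceName"] for e in evs})
        rc4 = sum(1 for e in evs if e["TicketEncryptionType"] == RC4_HMAC)
        if len(services) >= min_services:
            findings.append(Finding(account, ip, services, rc4))
    return findings


def build_sample_events():
    """Constructed 4769 records (ts = epoch seconds); not real telemetry."""
    evs = []
    # jdoe pulls RC4 tickets for 8 different service accounts within 40 seconds -> roast
    for i in range(8):
        evs.append({"ts": 5000 + i * 5, "TargetUserName": "jdoe@CORP.LOCAL",
                    "ServiceName": f"svc_app{i:02d}", "TicketEncryptionType": RC4_HMAC,
                    "IpAddress": "::ffff:10.0.0.50", "Status": "0x0"})
    # mary opens a SQL instance and a file share with AES tickets -> normal
    for svc in ("svc_sql01", "FILESRV01$"):
        evs.append({"ts": 5100, "TargetUserName": "mary@CORP.LOCAL",
                    "ServiceName": svc, "TicketEncryptionType": 0x12,
                    "IpAddress": "::ffff:10.0.0.21", "Status": "0x0"})
    # a failed request for a non-existent SPN is ignored by the rule
    evs.append({"ts": 5110, "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "svc_ghost",
                "TicketEncryptionType": RC4_HMAC, "IpAddress": "::ffff:10.0.0.50",
                "Status": "0x7"})
    return evs


def run_sample():
    """Apply the rule to the constructed records."""
    return detect_kerberoasting(build_sample_events())


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.account} from {f.ip}: {len(f.services)} SPNs, {f.rc4_count} RC4 tickets")
        print("  ", ", ".join(f.services))
```

In an AES-only domain the attacker will request AES tickets instead, so the RC4 count is corroboration rather than the trigger; the volume of distinct SPNs per requester is the signal that survives, and `min_services` should be tuned against a baseline with known scanners and monitoring accounts excluded.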
Dec 24, 2023 45 tweets 12 min read
Day 1️⃣9️⃣ of Your 30 Day SOC Analyst Journey

The Art of Memory Forensics explained for Beginners: Let’s continue our Story - shall we!?
Dec 23, 2023 28 tweets 10 min read
Day 1️⃣8️⃣ of Your 30 Day SOC Analyst Journey

How to analyze computer snapshots: To make sure we are all on the same page

Yesterday we learned how to create a snapshot of a potentially compromised machine:

Today we will use a snapshot from the internet just so that we are all on the same page.
Dec 20, 2023 18 tweets 6 min read
Day 1️⃣7️⃣ of Your 30 Day SOC Analyst Journey
How to get started with Digital Forensics: Digital Forensics, the stuff you always dreamed about since CSI Miami.

What is Digital Forensics?, you ask

Let me tell you a story.
Dec 20, 2023 38 tweets 11 min read
Day 1️⃣6️⃣ of Your 30 Day SOC Analyst Journey
How to write custom SIEM rules for PowerShell Commands: You want to hunt down attackers when they use the most powerful tool available on Windows systems?

You need to know how to write custom PowerShell rules to do just that - it all starts with PowerShell logs.
Dec 19, 2023 36 tweets 11 min read
Day 1️⃣5️⃣ of Your 30 Day SOC Analyst Journey
Behavior-based detection 💙 - 10x better than signatures: Most of the people (55%) who read this have not yet followed @maikroservice -

If you learn something today - I would kindly ask you to smash that follow button so that I can make sure to produce high quality engaging content that teaches you new things regularly.

Thank you
Dec 17, 2023 29 tweets 10 min read
Day 1️⃣4️⃣ of Your SOC Analyst Journey

How to DELETE malware 🦠 automagically 🪄✨: Dear fellow cyber witches and wizards - today your initiation ceremony into the ranks of high cyber council is commencing - I shall be your guide into the world of automagic

GO be a HERO!
Dec 16, 2023 28 tweets 9 min read
Day 1️⃣3️⃣ of Your SOC Analyst Journey

Automatic detection of malware: In the last threads we walked through

FIM - File Integrity Monitoring,
Signature-based detection via YARA
and your first detection rules
Dec 14, 2023 31 tweets 8 min read
Day 1️⃣2️⃣ of Your SOC Analyst Journey

📜 For Beginners - How to start using Signature-based Detection for Malware: 🚨 We are still in crisis-mode. 🚨

In the last threads we went through a simulated incident that snatched you off of your comfy 🛋️ and right into 🔥🧑‍🚒 fire extinguisher mode at your company
Dec 13, 2023 38 tweets 6 min read
Day 1️⃣1️⃣ of Your SOC Analyst Journey

How to use File Integrity Monitoring to detect hackers: Since we want to talk about File Integrity Monitoring we need to talk about Indicators of Compromise

Let's break down what "compromise" actually means, shall we?

We will look at two scenarios:
Dec 11, 2023 27 tweets 7 min read
Day 1️⃣0️⃣ - Becoming a SOC analyst 💙

How to install SIEM agents on WIN & LINUX in your HomeLab: In the last thread you installed a SIEM in your HomeLab:

But a SIEM in itself is not really useful without one magic ingredient 🪄

Log files 🗃️
Dec 10, 2023 20 tweets 6 min read
Day 9️⃣ of Your SOC Analyst Journey

How to build your own SIEM for your HomeLab: What on Earth is a SIEM anyway?

A SIEM is a Monitoring System that collects/aggregates Logs - the abbreviation means:

Security Information and Event Management System

It is a critical component in the security infrastructure of any company.

Ok got it...
Dec 10, 2023 31 tweets 11 min read
Day 8️⃣ of Your SOC Analyst Journey

How to start with Reverse Engineering Malware: Disclaimer - be careful today, we are handling real malware, stuff can go wrong and you are doing this of your own free will, no one forced you, I cannot be held responsible.

🔒 stay safe!