Hello people, welcome back to another write-up on a new SOC case on the Let’s Defend platform! In today’s case we investigate a potentially malicious file upload attempt to our git server. If you missed my last Let’s Defend write-up, you can find it here. The event On Feb. 22 a file named „phpshell.php“ (alarm […]
Author: signup
Let’s Defend: Event 75 – SOC105 – Requested T.I. URL address – Write-up (Advertisement)
Gooood day fellow readership. Since many of you liked my last post about the letsdefend.io platform, I got you another one today! So without further ado: Let’s defend! The event Today’s alert triggered the SOC rule 105 – Requested T.I. URL address. So apparently the hostname „MarksPhone“ (IP: 10.15.15.12) requested a URL listed in our Threat […]
Let’s Defend: Event 88 – SOC 141 Phishing URL Detected – Write-up
Welcome to my write-up about event #88 on letsdefend.io, a platform where you can respond to certain information security events as if you were working in a SOC. I really enjoy solving these challenges while learning about incident response and its methods. Assigning the event Well, our SIEM detected a potential malicious activity, which […]
De-Obfuscating WordPress Malware (PHP Code)
DISCLAIMER: I do not want that code to be in the wrong hands. Please respect my decision to not fully show all of its content. Thank you very much! Getting the raw code Okay, since I am working in a web hosting environment, I have to deal with a hacked WordPress instance every now and then. It […]
Hi, I’m Ben!
Great that you’re here! So you want to know more about me? No problem! Just click on Who am I? Pretty empty here, right? Don’t worry: I have only just started. My blog will gradually be filled with (hopefully) interesting posts from the IT field and from my private life. That sentence is already […]