Hello people, welcome back to another write-up on a new SOC case on the Let’s Defend platform! In today’s case we investigate a potentially malicious file upload attempt to our git server. If you missed my last Let’s Defend write-up, you can find it here. The event On Feb. 22 a file named “phpshell.php” (alarm […]
incident response
Let’s Defend: Event 75 – SOC105 – Requested T.I. URL address – Write-up (Advertisement)
Gooood day fellow readership. Since many of you liked my last post about the letsdefend.io platform, I got you another one today! So without further ado: Let’s defend! The event Today’s alert triggered the SOC rule 105 – Requested T.I. URL address. So apparently the hostname “MarksPhone” (IP: 10.15.15.12) requested a URL listed in our Threat […]
Let’s Defend: Event 88 – SOC 141 Phishing URL Detected – Write-up
Welcome to my write-up about the event #88 on letsdefend.io, a platform where you can respond to certain information security events as if you were working in a SOC. I really enjoy solving these challenges while learning about incident response and its methods. Assigning the event Well, our SIEM detected a potentially malicious activity, which […]