Incident Analysis with ELK Kibana | HTTP Logs Analysis | TryHackMe ItsyBitsy


TryHackMe ItsyBitsy

We covered cyber incident analysis with the ELK stack (Elasticsearch and Kibana), working through HTTP connection logs pulled from a compromised Windows machine that was communicating with a C2 server. This was part of the TryHackMe ItsyBitsy room.


Challenge Description

During normal SOC monitoring, Analyst John observed an alert on an IDS solution indicating potential C2 communication from the user Browne in the HR department. A suspicious file was accessed containing a malicious pattern THM:{ ________ }. A week of HTTP connection logs has been pulled to investigate. Due to limited resources, only the connection logs could be pulled, and they have been ingested into the connection_logs index in Kibana.
