Incident Response Training, Live Forensics of Compromised Website

Science and technology

Continuing my Incident Response Training Series, today I will be covering Live Forensics of a Compromised Website running on Linux. So, this episode is another video in my Linux Forensics Series as well.
Also, I am giving away a couple of VIP Coupons for Let's Defend Lab and Blue Team Lab Online. So watch the episode to participate and grab your chance!!
This incident started when an eCommerce website, www.ella.com (name changed), was compromised and taken down by the hackers! The business was completely down, as the website was the web portal for the company's shopping site. So, in this episode I will share with you each and every step that I performed to find out what/how/when. This is a Live Incident Response and Forensics episode where we will go deeper into Linux. In this episode,
👉 I will show you what got changed on the server to make the actual website unreachable and flash a bizarre message
👉 I will decode the full obfuscated code and identify the IOCs
👉 Analyze logs to identify how the attacker got into the server
👉 Run a self-made tool (Power Forensics) to capture volatile data from the server. I will make the tool open-source once I complete the full project! So stay tuned for the next episodes
👉 Analyse the volatile data to identify more traces of the attacker
So it's a full, detailed analysis of a real SOC incident with in-depth analysis. Whether you want to become a SOC analyst, want to work on real cyber incidents, are an absolute beginner or an experienced professional; each one of you should find something in this episode in terms of learning, and also get an opportunity to earn the Forensics Certification Examination voucher!! So, watch the full episode and ROCK in SOC!!
Tools I have used in this Episode-
👉 CyberChef
👉 Volatility Memory Forensics
👉 Power Forensics
👉 SIFT Workstation
👉 ClamAV
Related Episodes-
🔗 Linux Forensics Intro- • Linux Memory Capture a...
🔗 Similar Sev0 Incident- • Incident Response Trai...
🔗 Learning Yara- • How to Create Yara || ...
🔗 Intro to Memory Forensics- • Introduction to Memory...
🔗 Detailed Memory Forensics- • The Next Big Event You...
🔗 Malware Analysis Lab Creation- • Creation of Malware An...
🔗 Malware Analysis for beginners- • Malware Analysis Bootc...
WATCH the playlists BELOW as well, if you want to build your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------
INCIDENT RESPONSE TRAINING Full Course 👉 • BlackPerl DFIR || INC...
DFIR Free Tools and Techniques 👉 • BlackPerl DFIR || DFIR...
Windows and Memory Forensics 👉 • BlackPerl DFIR || Wind...
Malware Analysis 👉 • BlackPerl DFIR || Malw...
SIEM Tutorial 👉 • BlackPerl DFIR || Lear...
Threat Hunt & Threat Intelligence 👉 • BlackPerl DFIR || Thre...

Timelines
-------------------------------------------------------------------------------------------------------------------------
0:00 ⏩ Pretty sketchy stuff!
2:04 ⏩ Background
5:06 ⏩ What has happened
6:47 ⏩ Login to host and Start Analysis
15:55 ⏩ Decode the Malicious Code
28:40 ⏩ Analyze Access Logs
44:14 ⏩ Run Power Forensics
50:51 ⏩ Analyze Volatile Data
1:04:55 ⏩ Run ClamScan
1:06:54 ⏩ Recap Analysis
1:10:11 ⏩ Report from ClamScan
1:14:16 ⏩ Let's Summarize
📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ LinkedIn: / blackperl
✔ You can reach out to me personally on LinkedIn as well- bit.ly/38ze4L5
✔ Twitter: @blackperl_dfir
✔ Git: github.com/archanchoudhury
✔ Insta: (blackperl_dfir) / blackperl_dfir
✔ Can be reached via archan.fiem.it@gmail.com
SUPPORT BLACKPERL
-------------------------------------------------------------------------------------------------------------------------
╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗
║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣
╠╗║╚╝║║╠╗║╚╣║║║║║═╣
╚═╩══╩═╩═╩═╩╝╚╩═╩═╝
➡️ SUBSCRIBE, Share, Like, Comment
☕ Buy me a Coffee 👉 www.buymeacoffee.com/BlackPerl
📧 Sponsorship Inquiries: archan.fiem.it@gmail.com
-------------------------------------------------------------------------------------------------------------------------
🙏 Thanks for watching!! Be CyberAware!! 🤞

Comments: 38


  • @amoghnellutla5812
    2 years ago

    Informative and clear to the point, and participating in giveaway

  • @BlackPerl

    2 years ago

    Thanks, All the best.

  • @puneetkhandelwal7227
    2 years ago

    this is great! looking forward to more such IR videos.

  • @BlackPerl

    2 years ago

    Thanks, Please stay tuned!

  • @raghu244715
    2 years ago

    Amazing analysis, please keep adding these kinds of videos.

  • @BlackPerl

    2 years ago

    Thank you, Sure!

  • @futurebuddies5335
    2 years ago

    Excellent Episode!!

  • @abhishekmishra2694
    2 years ago

    Love it.. great job buddy!

  • @BlackPerl

    2 years ago

    Thank you!

  • @arunrmyt
    2 years ago

    Please use the gf tool to search through the entire site repo and you will find things quicker. Great job. Real saviour.

  • @BlackPerl

    2 years ago

    Excellent Feedback!

  • @surajgathadi2296
    2 years ago

    Very interesting and helpful 🔥

  • @BlackPerl

    2 years ago

    Thanks!

  • @Nick-sn3bl
    2 years ago

    Great content, keep up the good work!

  • @BlackPerl

    2 years ago

    Thank you

  • @RamaKrishna-lg1zo
    2 years ago

    Very helpful. Thank you Archan sir.

  • @BlackPerl

    2 years ago

    Glad you liked it!!

  • @vaibhavchaturvedi5174
    2 years ago

    Participating in the giveaway, posted on LinkedIn. Thanks!!

  • @BlackPerl

    2 years ago

    Thanks, All the best!

  • @577Pradeep
    2 years ago

    Nice, learnt new things...

  • @BlackPerl

    2 years ago

    Glad to hear that

  • @Pancurek
    2 years ago

    Great video, can we get some Windows forensics? I take part in the raffle.

  • @BlackPerl

    2 years ago

    Thanks, sure thing!! Have made some in the past, but will create more! Check out this playlist- kzread.info/head/PLjWEV7pmvSa50erciZUSnzvE7nK0FyvsH

  • @Dexter_Ops
    2 years ago

    Usually we don't get to see how exploitation took place in web logs or IIS logs; please share your views on this as well.

  • @BlackPerl

    2 years ago

    That's not totally correct, I guess. I have seen exploit attempts in my past work in IIS logs while someone tried to POST a binary to exploit CVE-2020-0688. Also for Windows, there are several other options to look at, like event logs, process execution, and memory dumps (a comparably easier analysis process than on Linux). Also, in the real world, you should have a WAF and your website hosted on an IIS server behind it. So, that helps.

  • @ShantanuDeyAnik
    2 years ago

    Sir, I am participating in the giveaway. Already posted on LinkedIn. 😍

  • @BlackPerl

    2 years ago

    Thanks, All the best.

  • @ManojVerma-cs1lz
    2 years ago

    Sir, I am participating in the giveaway. Already posted on LinkedIn.

  • @BlackPerl

    2 years ago

    Thanks, All the best!

  • @RamaKrishna-lg1zo
    2 years ago

    Can you please explain a Windows forensic analysis investigation, sir?

  • @BlackPerl

    2 years ago

    Thanks, sure thing!! Have made some in the past, but will create more! Check out this playlist- kzread.info/head/PLjWEV7pmvSa50erciZUSnzvE7nK0FyvsH Also, watch the previous episode- kzread.info/dash/bejne/poKBxdSLcd3MgJc.html

  • @RamaKrishna-lg1zo

    2 years ago

    @@BlackPerl Thank you sir

  • @MOBJihad
    2 years ago

    I am in

  • @BlackPerl

    2 years ago

    All the Best!

  • @ShantanuDeyAnik
    2 years ago

    1st comment 😍

  • @RamaKrishna-lg1zo
    2 years ago

    Sir, I am participating in the giveaway. Already posted on LinkedIn.

  • @BlackPerl

    2 years ago

    All the best!
