Collection of notes taken for the eLS IHRP course. I took these notes while going through the course. They are not meant to be comprehensive or complete and are meant largely for reference.
- Useful Wireshark filter expressions
- Threathunting with Windows logging
- Suricata cheatsheet
- Splunk cheatsheet
- ELK cheatsheet
- Bro/Zeek cheatsheet
ivan@SO:~/IHRP/2015-02-24-traffic-analysis-exercise$ sudo so-import-pcap 2015-02-24-traffic-analysis-exercise.pcap
Visit https://192.168.92.142/app/kibana and restrict the time range to the pcap's capture period. so-import-pcap keeps the original packet timestamps, so the default "recent" time window shows nothing from an old capture.
Visit https://192.168.92.142/squert/ and restrict the time range (interval) there as well. The pcap's first and last packet times can be read with capinfos -a -e <file>.pcap (ships with Wireshark).
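To know what absolute range to enter in Kibana and Squert you need the capture's first and last packet timestamps. The following is an added example (not part of the course or of Security Onion) that reads them straight from a classic pcap file: it handles both byte orders and the microsecond/nanosecond magic values, uses min/max rather than first/last record because pcap does not guarantee monotonic timestamps, and refuses pcapng. The embedded pcap is constructed inline for the demo; the function names and the sample timestamps are my own choices.

```python
import struct
import sys
from datetime import datetime, timezone

# Classic pcap magic numbers as seen when the first 4 bytes are read little-endian.
# Value -> (struct byte-order prefix for the file, timestamp fraction units per second)
PCAP_MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),      # big-endian, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian, nanosecond timestamps
}
GLOBAL_HEADER_LEN = 24   # magic, ver major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HEADER_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len


def _fmt(sec, frac, units):
    """Render (seconds, fraction) as an ISO-8601 UTC string Kibana's absolute picker accepts."""
    base = datetime.fromtimestamp(sec, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    digits = 6 if units == 1_000_000 else 9
    return f"{base}.{frac:0{digits}d}Z"


def pcap_time_range(data):
    """Return (first_iso, last_iso, packet_count) for the bytes of a classic pcap file.

    Raises ValueError on pcapng, unknown magic, or a truncated record, so a damaged
    capture is reported instead of silently yielding a wrong range.
    """
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0x0A0D0D0A:
        raise ValueError("pcapng file; this parser only handles classic pcap")
    if magic not in PCAP_MAGICS:
        raise ValueError(f"unknown pcap magic 0x{magic:08x}")
    endian, units = PCAP_MAGICS[magic]

    offset = GLOBAL_HEADER_LEN
    first = last = None
    count = 0
    while offset + RECORD_HEADER_LEN <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + RECORD_HEADER_LEN])
        offset += RECORD_HEADER_LEN
        if offset + incl_len > len(data):
            raise ValueError(f"packet record {count + 1} is truncated")
        offset += incl_len
        ts = (ts_sec, ts_frac)          # compare as integer tuples, no float rounding
        first = ts if first is None or ts < first else first
        last = ts if last is None or ts > last else last
        count += 1
    if count == 0:
        raise ValueError("pcap contains no packet records")
    return _fmt(*first, units), _fmt(*last, units), count


def build_sample_pcap():
    """Constructed little-endian microsecond pcap with two records, deliberately
    written out of time order to show that min/max is needed (sample data, not a real capture)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    payload = b"\x00" * 14  # placeholder Ethernet header bytes; contents do not matter here
    records = [
        (1424787300, 500000),  # 2015-02-24T14:15:00.500000Z  (written first)
        (1424786400, 0),       # 2015-02-24T14:00:00.000000Z  (written second, but earliest)
    ]
    body = b"".join(
        struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
        for sec, usec in records
    )
    return header + body


SAMPLE_PCAP = build_sample_pcap()

if __name__ == "__main__":
    # Usage: python pcap_range.py [capture.pcap]; without an argument the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    start, end, n = pcap_time_range(data)
    print(f"{n} packets, {start} .. {end}  <- use as Kibana/Squert absolute time range")
```

Compare the printed range against capinfos -a -e on the same file before trusting it; if they disagree, the file is probably pcapng or carries a link type this parser was not written for.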
- https://www.threatminer.org/ - Can analyse file hashes of malware and tells you which IPs the sample communicates with. Check out VirusShare as well; it gives the port number and the process the malware masquerades as.
- https://threatcrowd.org/ - Alternative; searches by IP and domain but not by file hash.
- https://htmledit.squarefree.com/ - For rendering HTML content (makes HTML emails more readable).
- https://hybrid-analysis.com/
- Or search Google for the URL/hash; hopefully it links you to something useful.