DFIR

Important Event IDs for SOC Analysts System Log Event IDs Service Control Manager Events Event ID 7000: The service failed to start due to the following error… Event ID 7001: The service depends on the service which failed to start… Event ID 7034: The service terminated unexpectedly… Event ID 7040: The start type of the service was changed from… Event ID 7045: A service was installed in the system. System Shutdown and Startup Events Event ID 6005: The Event Log service was started....

SOC & DFIR Roadmap Last Modification Date: 6 Sep 2024 Introduction I know, you’ve seen countless roadmaps for starting a cybersecurity career. But let’s face it: any path can get you there if you stick with it. Here’s my suggested route to help you stay on track and avoid getting lost. Zero Level: Building the Foundation If you’re starting out in cybersecurity, you’ve probably heard you need to know a bit of everything....

Description We captured this traffic from P13's computer so can you help him? Tools 1- Wireshark 2- OSINT Tools 3- Reverse engineering 4- Python scripting Writeup Q1 in this challenge I got a network traffic. so let’s openit and investigate that traffics. As we can see there are 25,262 packets so let’s filter the streams to TCP protocols and check if there is anything suspicious. Okay got 7780 stream so let’s check the whole stream and find something interesting....

Description The victim found out their private info was out there for everyone to see, and things got worse – the bad guys got into their money stuff, social media, and personal emails. We got an image of his machine so you can tell us what happened. Tools Tools Required 1- FTKimger 2- Notepad++ 3- DB Browser for SQLite Writeup From the challenge description, we can see that the victim’s PII was stolen....

Description Our friend fell victim to a suspicious crack tool. but it seems it didn't goes in the right path so investigate it to find any evidence. Tools Tools Required 1- Volatility 2- Notepad++ 3- VirusTotal or VM. 4- Linux Command Line Writeup Q1 How many users are on the machine? In this question we can use filescan then grep the Users and sort them and find the uniq...