🎖Top 10 Standard IOC and TTPs for SOC

Here is standard top ten common Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) that SOC analysts often encounter over the period.

✅A: Indicators of Compromise (IOCs):

1.#Malicious IP Addresses: IP addresses associated with known command and control (C2) servers or malicious activities.
2. #Malware Hashes: Hashes of malicious files used in attacks, such as viruses or Trojans.
3. #Domain Names: Suspicious or typo-squatting domains used for phishing or C2 communication.
4. #URLs: Links to malicious websites or payloads, often delivered through phishing emails.
5. #Email Addresses: Addresses used in phishing campaigns or to receive stolen data.
6. #File Paths: Unusual or suspicious file paths on systems or servers.
7. #Registry Keys: Unauthorized or malicious registry keys that may indicate compromise.
8. #User-Agent Strings: Uncommon or malicious user-agent strings in HTTP requests.
9. #YARA Signatures: Custom rules used to detect specific patterns or characteristics in files.
10. #Behavioral Anomalies: Unusual behavior, like excessive data exfiltration or unusual system activities.

✅B: Tactics, Techniques, and Procedures (TTPs):

1. #Phishing: Attackers use deceptive emails to trick users into revealing sensitive information or executing malicious code.
2. #Malware Delivery: Sending malicious files via email attachments, compromised websites, or other means.
3. #Command and Control (C2): Communication between malware and attacker-controlled servers for remote control and data exfiltration.
4. #Credential Theft: Techniques like keylogging or credential dumping to steal login credentials.
5. #Lateral Movement: Moving laterally within a network to explore and compromise other systems.
6. #Privilege Escalation: Gaining higher-level access to systems by exploiting vulnerabilities or misconfigurations.
7. #Data Exfiltration: Stealing sensitive data and sending it to the attacker-controlled infrastructure.
8. #Denial of Service (DoS): Overwhelming a system or network to disrupt availability.
9. #Ransomware: Encrypting data and demanding a ransom for decryption.
10. #Fileless Attacks: Exploiting legitimate system tools and processes to carry out attacks without leaving traces on disk.

These IOCs and TTPs are just a starting point, as the threat landscape is constantly evolving.

Effective SOC analysts should continuously update their knowledge and adapt their detection strategies to new attack techniques by keeping themselves up to date with Applicable threats based on the type of industry.

#TTP #IOC
تیم سورین

👩‍💻 ++ 101 Linux commands.

• من یک کتاب رایگان با شما به اشتراک می گذارم که بیشتر یک برگه تقلب حجیم با دستورات لازم برای انجام کارهای خاص است. این کتاب نه تنها برای مبتدیان، بلکه برای کاربران باتجربه #لینوکس نیز مفید خواهد بود. این مطالب برای تسلط بر خط فرمان مفید است و به دسته های زیر تقسیم می شود:

• Basics;
- File Hierarchy Standard (FHS);
- Commands;
• Disk and File System Management;
- General Disk Manipulation (non-LVM);
- Globs (Wildcards);
- Regex;
- Stream redirection;
• Text Readers & Editors;
- Less;
- VI;
• User and Group Management;
• File System Permissions;
• SSH;
• Cronjobs;
• Package Management;
- RPM;
- YUM;
• List of commands by category:
- Directory Navigation;
- File Commands;
- File and Directory Manipulation;
- Package archive and compression tools;
- System commands;
- Networking Commands;
- Package Management;
- User Information commands;
- Session commands;
- Getting Help;
- Applications.

#linux
تیم سورین

👩‍💻 PowerShell Commands for Pentesters.

• در ادامه مطلب قبلی دستورات مفیدی را با شما به اشتراک خواهم گذاشت که برای نفوذگران و متخصصان امنیت اطلاعات مفید خواهد بود:

+ Locating files with sensitive information:
- Find potentially interesting files;
- Find credentials in Sysprep or Unattend files;
- Find configuration files containing “password” string;
- Find database credentials in configuration files;
- Locate web server configuration files;
+ Extracting credentials:
- Get stored passwords from Windows PasswordVault;
- Get stored passwords from Windows Credential Manager;
- Dump passwords from Google Chrome browser;
- Get stored Wi-Fi passwords from Wireless Profiles;
- Search for SNMP community string in registry;
- Search for string pattern in registry;
+ Privilege escalation:
- Search registry for auto-logon credentials;
- Check if AlwaysInstallElevated is enabled;
- Find unquoted service paths;
- Check for LSASS WDigest caching;
- Credentials in SYSVOL and Group Policy Preferences (GPP);
+ Network related commands:
- Set MAC address from command-line;
- Allow Remote Desktop connections;
- Host discovery using mass DNS reverse lookup;
- Port scan a host for interesting ports;
- Port scan a network for a single port (port-sweep);
- Create a guest SMB shared drive;
- Whitelist an IP address in Windows firewall;
+ Other useful commands:
- File-less download and execute;
- Get SID of the current user;
- Check if we are running with elevated (admin) privileges;
- Disable PowerShell command logging;
- List installed antivirus (AV) products.

#PowerShell
تیم سورین

👩‍💻 Forensic Lessons. A Big Guide to Windows Artifacts

•• یک برگه تقلب حجیم در مورد روش های جستجوی اطلاعات در سیستم عامل ویندوز - به منظور شناسایی حوادث مختلف. این مقاله روند متوالی جمع آوری Artifactها را در رایانه شخصی هک شده شرح می دهد. مطالب به شرح زیر است:

• Typical Forensic investigation flow.

• Tools:
- Acquire artifact’s Tools;
- Forensic analysis tools;
- OS / Linux Distros.

• KAPE cheatsheet:
- KAPE target extraction;
- Memory dump;
- Live response command and scanner;
- All in one artifact parsing;
- Event log / log scanning and parsing;
- Program Execution;
- File folder activity;
- NTFS and FileSystem parsing;
- System activity;
- Mounted image scanner.

• Analysis Findings:
- Live Forensics;
- Memory analysis;
- Disk analysis;
- Windows event logs analysis;
- Triage artifacts parsing and analysis;
- Other Artifacts.

• Lateral Movement Detection and Investigation:
- Credential harvesting;
- File sharing;
- Remote login;
- Remote Execution.


#windows #forensics
تیم سورین

👩‍💻 ++ 101 Linux commands.


راهنمای جامع و کاربردی دستورات خط فرمان لینوکس

این کتابچه راهنما، مجموعه‌ای کامل از دستورات خط فرمان لینوکس است که هم برای مبتدیان و هم برای کاربران حرفه‌ای این سیستم‌عامل بسیار مفید خواهد بود. مطالب این کتابچه شامل:

• Basics;
- File Hierarchy Standard (FHS);
- Commands;
• Disk and File System Management;
- General Disk Manipulation (non-LVM);
- Globs (Wildcards);
- Regex;
- Stream redirection;
• Text Readers & Editors;
- Less;
- VI;
• User and Group Management;
• File System Permissions;
• SSH;
• Cronjobs;
• Package Management;
- RPM;
- YUM;
• List of commands by category:
- Directory Navigation;
- File Commands;
- File and Directory Manipulation;
- Package archive and compression tools;
- System commands;
- Networking Commands;
- Package Management;
- User Information commands;
- Session commands;
- Getting Help;
- Applications.

تیم سورین
#Linux