💎 In general, a Security Operations Center (SOC) consists of 5 main modules:
1️⃣ The Event Generators module
2️⃣ The Event Collectors module
3️⃣ The Message Database module
4️⃣ The Analysis Engines module
5️⃣ The Reaction Management Software module
In this article you will become familiar with SOC concepts, their implementation and their architecture.
💎 Almas group link
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
SOCConceptAndImplementation.pdf
119.6 KB
👨💼 #Service_Administration_Specialist
♻️ Job description
📌 Perform routine administration and maintenance of designated system(s) to meet the Company business requirements.
📌 Monitor systems to achieve optimum level of performance.
📌 Monitor servers for compliance with established standards, policies, configuration guidelines and procedures.
📌 Provide capacity analysis reports/data.
📌 Monitor server backups on a daily basis.
📌 Perform first level problem determination and resolution to ensure availability and stability of corporate based platforms according to established service level agreements.
📌 Escalate higher level issues to senior levels as required.
📌 Participate in the evaluation, selection, implementation and on-going support of software, hardware and tools used by the Enterprise Infrastructure platform.
📌 Experience with PowerShell and/or other scripting languages.
📌 Active Directory Domain Administrator – Manage and maintain: Sites and Services, DNS, DHCP, Group Policy Objects, Computer/User Objects, LDAP, Authentication protocols.
📌 AD permission delegation using the least-privilege methodology, Dynamic/Static AD groups, as well as other Domain services in accordance with MS best practices and compliance requirements.
📌 Strong experience with infrastructure services such as DHCP, DNS, WSUS, AD CS.
📌 Strong knowledge of Microsoft Exchange Server 2013, 2016 and 2019, and ability to manage, deploy and maintain servers.
📌 Strong knowledge of Microsoft SharePoint Server 2016, Office Online Server and SQL Server and ability to manage, deploy and maintain SharePoint Farm.
📌 Experience working with NTFS permissions and DFS namespaces for file sharing.
📌 Experience with current versions of Windows (e.g. Server 2012, 2016, Windows 10 Enterprise).
📌 Experience with ManageEngine solutions.
📌 Able to troubleshoot and remediate issues by reviewing and tracking system logs, events, etc.
📌 Assist in ensuring compliance with security policies and procedures.
📌 Knowledge of .NET programming languages is a plus.
♻️ Requirements
📌 Bachelor’s Degree or equivalent in Computer Science, Information Systems, or related field and 3-5 years of relevant experience.
📌 Excellent (verbal and written) English communication skills.
📌 Customer service driven.
📪 Please send your resume to: [email protected]
A document reviewing the technical concepts of VMware VVoL
In this document you will become familiar with the following:
📌 The concepts of VMware VVoL and the Storage Container
📌 The architecture and components of VMware VVoL
📌 Key advantages of VVoL
📌 The concept of Storage Policy-Based Management, or SPBM for short
📌 An introduction to the new features of VVoL v2.0
📌 and more...
☁️ Cloud and virtualization technologies group link
https://t.iss.one/joinchat/BDE3OVH_RBXgwYZzbPZNqA
@iranopensource🐧
vSphere Virtual Volumes Technical Overview.pdf
2.2 MB
💎 An example of an organizational structure (org chart) in a SOC
💎 Almas group link
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
💎 What is the "IDS using a Network Tap" topology?
💎 Almas group link
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
In general, there are two technologies for capturing network packets for an IDS:
1️⃣ Port mirroring
2️⃣ Network taps
The network tap approach connects to devices Out-Of-Band (OOB) through a network tap in order to monitor and capture the packets of one network segment using point-to-point links. For example, in the figure above, we can use the tap connection to capture the link between the Firewall and the Switch, and so the packets that pass between the two (the Outside and Inside networks). Deploying an IDS this way lets you and your organization monitor link traffic without changing your network topology or infrastructure. This is a form of passive monitoring: when you configure your IDS in Tap Mode, a copy of the packets is sent to it. Tap Mode is also referred to as monitor-only mode.
Suppose your IDS is a Cisco FirePower and you have configured it in monitor-only mode as shown below. In this case a copy of the traffic is delivered by the Network TAP to your IDS, and the IDS captures and monitors the traffic in this way (both inside traffic and outside traffic).
firewall transparent
!
interface GigabitEthernet1/1
no nameif
no security-level
traffic-forward sfr monitor-only
Link 1: https://www.cisco.com/c/en/us/td/docs/security/firepower/hw/firepower_device/firepower_7k8k_device/deployment.html
Link 2: https://finkotek.com/cisco-firepower-inline-tap/
Meysam Nazemi
@iranopensource🐧
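The post only shows the tap-side (monitor-only) configuration. As an added example, not taken from the original post or from Cisco's documentation, here is what the other capture technology listed above, port mirroring, looks like on a Cisco Catalyst switch running IOS: a local SPAN session copies frames from a source port to a destination port where the IDS sensor is attached. The interface names and the session number are assumed placeholders.

```cisco
! Added example: local SPAN (port mirroring) on a Cisco IOS switch.
! Interface names and the session number are assumed placeholders.
!
! Source: the uplink carrying traffic between the firewall and the switch.
! "both" mirrors ingress and egress frames on that port.
monitor session 1 source interface GigabitEthernet1/0/1 both
!
! Destination: the port the IDS sensor is plugged into.
! Unlike a tap, this copy is produced by the switch itself, so it competes
! for the switch's forwarding capacity and can silently drop frames when the
! mirrored link is busier than the destination port can carry.
monitor session 1 destination interface GigabitEthernet1/0/24
!
! Verify the session, its source/destination and the mirrored direction:
! show monitor session 1
```

The operational difference for a defender is in what the IDS can trust to be complete: a tap hands the sensor a copy of every frame on the wire, while a SPAN destination is oversubscribed as soon as bidirectional traffic on the source exceeds the destination port's rate, so gaps in IDS visibility on a mirrored link are a capacity symptom to check before assuming the traffic was never there.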
💎 Advantages of an In-House SOC versus a Virtual SOC
💎 Almas group link
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
💎 Article: Network IDS/IPS deployment strategies from the SANS point of view
💎 Almas group link
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
Practical Windows Forensics by Ayman Shaaban & Konstantin Sapronov #Practical_Windows_Forensics
----------------------------------
Over the last few years, the wave of cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system internals, how to extract evidentiary data from digital evidence, and the best use of digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process.
We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data.
----------------------------------
2016 | PDF | 314 pages | 19.8 MB
----------------------------------
@iranopensource🐧
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, 1st Edition, by Michael Hale Ligh, Andrew Case and others
----------------------------------
Memory forensics provides cutting-edge technology to help investigate digital attacks.
Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics, now the most sought-after skill in the digital forensics and incident response fields.
Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five-day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:
How volatile memory analysis improves digital investigations
Proper investigative steps for detecting stealth malware and advanced threats
How to use free, open source tools for conducting thorough memory forensics
Ways to acquire memory from suspect systems in a forensically sound manner
The next era of malware and security breaches is more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32- and 64-bit editions.
----------------------------------
2014 | PDF | 914 pages | 7.18 MB
----------------------------------
@iranopensource🐧
💎 Almas group link (thanks to dear Mr. Eshghi for sharing this book in the Almas security group)
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧