M'hirsi Hamza
Published in System Weakness

Pinned

Detect and Alert on Sentinel

Hi Medium! Here we are again with a new article about Sentinel. In this article, we will give a simple introduction on how to create an alert on Sentinel. Contents: Detect Brute Forcing Attack using KQL; Define brute force; Understanding KQL code; Alert Brute Forcing Attack on RDP; Simulate the RDP attack; Resources. Detect Brute Forcing Attack using KQL: To create an alert, we need to first know what we want to detect and how to detect it so…

Sentinel

4 min read


Published in System Weakness

Jan 20

Threat Intelligence on Sentinel (Anomali & IBM X-Force)

Hi Medium! Here we are again with a new article about Sentinel. In this article, we will introduce how to link threat intelligence platform feeds to our Azure Sentinel. Contents Definition of TAXII and STIX. 2 STIX. 2 TAXII 2 How to add Anomali TI feeds to Sentinel How to add IBM X-Force Feeds to Sentinel Definition of TAXII and STIX STIX STIX, short for Structured Threat Information eXpression, is a standardized language developed by MITRE and the OASIS Cyber Threat Intelligence (CTI)…

Threat Intelligence

6 min read


Jan 8

Sysmon and log Parse using KQL on Azure Sentinel

Hi Medium! Here we are again with a new article. In this article, we will go through different tools and techniques that should be known to retrieve information from a target system and review its logs on the Azure Sentinel platform. Summary: Windows 10 VM creation and Sysmon…

Sentinel

6 min read


Jan 15, 2021

How to detect a cyber threat

How to detect a cyber attack or a threat. Hi Medium! Here we are again with a new article; today we will talk about advanced threat detection and the several methods used in defense, as follows: Threat Detection Concept; How We Can Detect Threats. 1. Threat Detection Team: Facing different attacks is not an easy job; the threat detection team needs to act…

Cybersecurity

3 min read


Jan 8, 2021

SMTP Enumeration Technique

Hi Medium! Here we are again with a new article. I was asked by a friend, after my last article about Enumeration, to provide a breakdown of the SMTP technique. In this article, we will go through different tools and techniques that should be known to retrieve information about your…

Smtp

3 min read


Dec 15, 2020

How proxy works and different types of proxy

Proxy types and how they work. Hello Medium!! I always missed understanding the way proxies are used; however, the definition is so simple, but people still misunderstand how they are used, and each time they made me unsure of the knowledge I have. So once and for all we will go together through all the…

Proxy

8 min read


Dec 8, 2020

How to implement OSSIM (SIEM Solution)

Hi Medium! Here we are again with a new article; today we will share a small tutorial where we will implement the OSSIM solution, so we will talk about: 1. Introduction; 2.1 Work environment; 2.1.1 Hardware environment; 2.1.2 Software environment; 2.2 Implementation and test; 3. Conclusion. Introduction: In this chapter, we…

Siem

4 min read


Nov 23, 2020

SOC Technology and Best Practice

SOC technology and Best Practice. Hi Medium! Here we are again with a new article; today we will talk about SOC technology and best practice. We are going to discover: What is SOC? Why is SOC Important? SOC Management; Best Practice; Conclusion. 1- What is SOC? SOC (Security Operation Center) is a division…

Soc

5 min read


Nov 20, 2020

TLS Overview

TLS Overview. Hi Medium! Here we are again with a new article; today we will talk about TLS as follows: 1. Confidentiality 2. Integrity 3. Availability 4. Defence in Depth 5. Symmetric encryption 6. Asymmetric encryption 7. Cryptographic Hash function 8. Man In The Middle (MITM) 9. Transport Layer Security 10. Banking Malware That Uses TLS…

Tls

6 min read


Nov 18, 2020

Enumeration

Enumeration. Hi Medium! This is the Enumeration part. In this chapter we are going to discover the following topics: Introduction; Why Enumeration?; Enumeration techniques; Enumeration Tools on Linux and Windows; Summary. Introduction: The most important phase before attacking a target is “Reconnaissance”. The more effort the attacker puts in during this phase, the…

Enumeration

6 min read

M'hirsi Hamza, Cyber Security Architect
