วีดีโอ

Your a super life saver. I work on these while watching you

I appreciate your contribution to infosec, i will give you some friendly advice that please increase your audio volume in your videos and you can make it bit shorter it would also boost your views you know that infosec peps love watching precise stuffs. Thanks for your knowledge sharing!

Tried responding to this alert today. Went to the endpoint and could not find logs from July 2021. The oldest logs were from September.

Do you think it encrypted some data?

Jones Michelle Johnson Paul Thompson Sharon

I’ve been studying IT and Cybersecurity all day for the past couple of days. It’s nice to relax and take in such a beautiful natural phenomenon

Hi, i was doing this alert and the part i got wrong was that i thought user did not access this file. Since log shown are all empty and just curious does it mean that the attacker remove all traces in the log that's why it is empty ??? Thank you

Hi Bert, I made this official challenge write-up. I would like to hear your thoughts on my write-up and if you have any tips for improvement. I was inspired by you, and LetsDefend published two of my write-ups (GoLang challenge too). Keep up the good work, I love your channel.

thanks, you help me with the first question

you didn't show hot to fire up the Remote Desktop client which Is what im stuck on haha. thanks for the video non the less!

no cursor is so annoying :/

Could you plz share the pdf file? Thanks in advance

how did you manage to exact the doc from the letsdefend virtual lab. l am having a hard time with it. If possible kindly include the exact from the vm into your videos next time

please how did you download the log file from the letsdefend virtual platform to your pc. l am having difficulty with that

Thanks for the walkthrough, but I have a question for you. During my investigation I noticed that there was an email sent to RichardPRD on the same day as the JuicyPotato.exe alert. The email contained a malicious .xlsx file that was opened and there are various IOCs on his endpoint that show this, including contact with a C2. One of the questions asks if someone had requested the C2 and I put "yes", which was the wrong answer. I guess my question is, was I mistaken thinking that the JuicyPotato.exe and the .xlsx file from the email were somehow linked? In a real life scenario, would you only focus on the JuicyPotato alert even though you came across something else while searching, such as an email attachment?

I would pay money to see what that webpage looked like before it got the 404.

Doing the lords work mate. Thank you.

Hi Bret nice video, I love your channel you are awesome! I have a question regarding the challenge, how did you download the file? I didn't find the option to download this sample and the Let's Defend machine is not equipped with the tools I need like IDA or ghidra so I wanted to get the sample to my flare VM. how can I get this sample? I don't have VT pro account or Joe sandbox account for downloading the file. Thanks and keep it up love your channel 😁

hello laughing man

This is not bad at all, however, hopefully you can make a slightly more advanced version to this that talks more about the response. For example extract out logs, and review them. Even if with a test tenant/instance.

if possible please do with frida stalker for themida protected malware

its easy to do with virus total, but reverse engineering with Python its a lot. I only have Sec+ and Google CC, Letsdefend SOC is my 1st course. Malware analysis as hard as i thought, log analysis is easier.

how do you output multiple the content of speicifc files with strings in linux as demonstrated @14:32

how do u determine what profile to use in volatility this is something i dont quite understand yet.

Nice job. Thanks for the interesting video.

This is great.🔥🔥

Jesus this lab is extremely intense ahaha not able to complete it

after follow udp stream, where did you go to find p13 frame message?

Thank you for these Videos, Bret. They really help to learn safely with hands-on experience that transfers well to on-the-job experience!

this is beginner? I'm screwed

Hey Bret! This is the other Bret(CyberGladius). lol. I enjoyed watching someone work through my challenge. Thank you for the video! The event logs are from an actual breach I worked on. Fun fact: the hard part was altering the event logs to remove sensitive information and re-signing the headers.

It was very helpful. thank you.

InfoSec_Bret, I loved this video so much, I had to hit the like button!

Bret you are doing great job I would like to request if you include log source type and relative Scanerios which works in real life soc I know the letsdefend don't provide this but will be greatful to you if you can

Hey Brett, could you maybe help me understand why when I connect to the labs they're so laggy?

Thanks Bro for that :)

Can barely hear you.

yo man, can you please be more informative like a step by step guideline on phishing email challenge? Im stuck on where it says download, like do I download like normal or download it through a sandbox if so, what do I use in a sandbox like letsdefend provides and solve the problem thank you

How do you open the download link on letsdefend lab

Thank You For making this video. I wish you make a lot of videos about letsdefend

InfoSec_Bret, I really liked this video! I subscribed too!

dude, you do suck. learn some basic PowerShell to suck just a tiny bit less [System.BitConverter]::ToInt64(); [datetime]::FromFileTime() you had it at th-cam.com/video/PUTGNPeCgvs/w-d-xo.html

dude, you do suck. learn some basic PowerShell to suck just a tiny bit less [System.BitConverter]::ToInt64(); [datetime]::FromFileTime() you had it at th-cam.com/video/PUTGNPeCgvs/w-d-xo.html

dude, you do suck. learn some basic PowerShell to suck just a tiny bit less [System.BitConverter]::ToInt64(); [datetime]::FromFileTime() you had it at th-cam.com/video/PUTGNPeCgvs/w-d-xo.html and do forget those tarded "tools"

Oh man, why are you talking too slowly in every video? Are u high every day, man?

In their youtube channel, LetsDefend, actually recommend using VMonkey so you weren't lazy at all.

I think your videos would be perfect if you'd gotten a new mic. It's sometime very hard to hear or understand you. Otherwise, great content!

I did the same, the only difference was I didn't even bother looking up the python program by name, because the name doesn't identify the program, so whatever I find it's just speculation. The way they run python and the wmi activity mentioned in the alert was suspicious enough, but unless we get the wmiexec.py or its hash we can't investigate further. The same reason we can't identify the C2 address - if there is any. But there isn't any network activity in the log at the time of the alert, so I don't understand eighter - I made the same "mistake".

I stuck on question 13, i take the same thing but it says it is incorrect