วีดีโอ

bro, may you record from scratch when you do challenge , i mean when we open video there already are question which had been answered by you , we dont understand how you did find them

hey thanks for this tutorial. i am a bit confused though... as it stands letsdefend offeres their sandbox VM enviorment on the webpage of the malicious doc. Im confusd as to; #1 how to get the hash te be able t analyze the file in virus total? #2 and how do i get the hash from the VM on the page to copy that into my own device? could you please help me out with this

Im confused. What exactly were you looking for in sysmon logs. I was expecting you to check powershell logs

So even though there was a successful response status saying 200 at 11:30 AM it’s still not considered as a successful SQL injection overall?

man good job but the video is too long

Nice one.

4:02 how did you extract the xls file?

Why does this dude sound like he's doing ASMR when he talks?

I can't hear anything make your audio full volume...dislike 👎

67c6784a5296658ac4d633f4e8c0914ecc783b1cf2f6431818c4e2f3cdcce91f T1543 T119E3163DB459E165C8CF04B57E2516BAD671F83C037989F3EBD38C299420EE86626B07

Hi Bret....Has anyone accessed the URL? Shouldnt it be yes?

thanks for the video yeah the first question was just wasting time ...

Man...I still cant understand why the alert is a false positive...Have they responded to you on this?

Have u done already all the SOC analyst path?

i really enjoy your videos.. you are doing an amazing work..... please can you take us through how you read logs at the endpoint security? that is processes, network action,,terminal history and browser history. thank you

This funny witht he Arthur guy😂

Even I got it incorrect. Not sure why was the malware analysis indicating that it is malicious.

Hi, would you happen to have a video on dynamic analysis example using anyrun letsdefend. Where it ask for the email the malware used to connect to the server and the password

Your a super life saver. I work on these while watching you

I appreciate your contribution to infosec, i will give you some friendly advice that please increase your audio volume in your videos and you can make it bit shorter it would also boost your views you know that infosec peps love watching precise stuffs. Thanks for your knowledge sharing!

Tried responding to this alert today. Went to the endpoint and could not find logs from July 2021. The oldest logs were from September.

Do you think it encrypted some data?

I’ve been studying IT and Cybersecurity all day for the past couple of days. It’s nice to relax and take in such a beautiful natural phenomenon

Hi, i was doing this alert and the part i got wrong was that i thought user did not access this file. Since log shown are all empty and just curious does it mean that the attacker remove all traces in the log that's why it is empty ??? Thank you

Hi Bert, I made this official challenge write-up. I would like to hear your thoughts on my write-up and if you have any tips for improvement. I was inspired by you, and LetsDefend published two of my write-ups (GoLang challenge too). Keep up the good work, I love your channel.

thanks, you help me with the first question

you didn't show hot to fire up the Remote Desktop client which Is what im stuck on haha. thanks for the video non the less!

no cursor is so annoying :/

Could you plz share the pdf file? Thanks in advance

how did you manage to exact the doc from the letsdefend virtual lab. l am having a hard time with it. If possible kindly include the exact from the vm into your videos next time

please how did you download the log file from the letsdefend virtual platform to your pc. l am having difficulty with that

Thanks for the walkthrough, but I have a question for you. During my investigation I noticed that there was an email sent to RichardPRD on the same day as the JuicyPotato.exe alert. The email contained a malicious .xlsx file that was opened and there are various IOCs on his endpoint that show this, including contact with a C2. One of the questions asks if someone had requested the C2 and I put "yes", which was the wrong answer. I guess my question is, was I mistaken thinking that the JuicyPotato.exe and the .xlsx file from the email were somehow linked? In a real life scenario, would you only focus on the JuicyPotato alert even though you came across something else while searching, such as an email attachment?

I would pay money to see what that webpage looked like before it got the 404.

Doing the lords work mate. Thank you.

Hi Bret nice video, I love your channel you are awesome! I have a question regarding the challenge, how did you download the file? I didn't find the option to download this sample and the Let's Defend machine is not equipped with the tools I need like IDA or ghidra so I wanted to get the sample to my flare VM. how can I get this sample? I don't have VT pro account or Joe sandbox account for downloading the file. Thanks and keep it up love your channel 😁

hello laughing man

This is not bad at all, however, hopefully you can make a slightly more advanced version to this that talks more about the response. For example extract out logs, and review them. Even if with a test tenant/instance.

if possible please do with frida stalker for themida protected malware

its easy to do with virus total, but reverse engineering with Python its a lot. I only have Sec+ and Google CC, Letsdefend SOC is my 1st course. Malware analysis as hard as i thought, log analysis is easier.

how do you output multiple the content of speicifc files with strings in linux as demonstrated @14:32

how do u determine what profile to use in volatility this is something i dont quite understand yet.

Nice job. Thanks for the interesting video.

This is great.🔥🔥

Jesus this lab is extremely intense ahaha not able to complete it

after follow udp stream, where did you go to find p13 frame message?

Thank you for these Videos, Bret. They really help to learn safely with hands-on experience that transfers well to on-the-job experience!

this is beginner? I'm screwed

Hey Bret! This is the other Bret(CyberGladius). lol. I enjoyed watching someone work through my challenge. Thank you for the video! The event logs are from an actual breach I worked on. Fun fact: the hard part was altering the event logs to remove sensitive information and re-signing the headers.

It was very helpful. thank you.

InfoSec_Bret, I loved this video so much, I had to hit the like button!