วีดีโอ

Yup, you do not need vultr. I am using it for the ease of use.

My pleasure! I am so glad to hear that you're enjoying the course!!!

What error did you get?

Depends if Shuffle has a direct app with it. Otherwise, you could likely use a webhook if DFIR-IRIS supports that

@@MyDFIR okay thank you, and now i regards this video to do that , if i have a problem can you help me do you have discord or linkedIN or any ?

Since I did not utilize DFIR-Iris in this video, troubleshooting might take a bit of time so I cannot guarantee anything. However, I do have a discord on my site (sign up) or you can DM on my socials

@@MyDFIR okay thank you

Thank you for watching <3

Are you using a laptop and connected to wifi? If so, your bridged adapter may be connected to your ethernet adapter rather than your wifi adapter giving you no internet access. Thus, you'll need to configure a custom network adapter to point to your wifi adapter.

@@MyDFIR Yes i'm using a PC. My bridged network is normally my computer 's wifi network adapter.. I've checked it on my PC ipconfig /all. I will maybe change adapter and sée what happens

Thank you! This will be a fun project to do :)

Thank you! I took a look at my very first video and...yeah, crazy what a year can do!

Yeah YAML can get kinda weird sometimes, try using this jsonformatter.org/yaml-formatter and see if that helps!

That is great to hear! Thanks for stopping by and get ready for Part 2!

Will do, Part 2 releasing tomorrow! (June 25th)

Thank you for watching! I hope you learned a lot 😃

You're welcome! Projects are super fun and challenging, take a look at the channel as I have quite abit of projects that you can follow along if you wish!

You're very welcome! Hope you learned a lot ❤️

Do make sure you’re selecting the correct field. I ran into the same problem before and found out I was selecting the incorrect field haha

I would try to redo the cassandra/elastic/hive install

@@MyDFIR I'd appreciate that. Thanks for all you do.

Double check that you’re downloading the Virtual Box Kali version and not the VM

You’ll need to be sure to configure the config file on the wazuh server via CLI.

@@MyDFIR I have done nano ossec.conf for logall à yes nano \etc\filebeat\filebeat.yml for change archives false to true But I have not restarted minikatz

@@bosjr5557 Not sure what you mean when you say "not restarted mimikatz" - Does mimikatz show up under your Sysmon Windows Event Log Provider on your host?

@@MyDFIR yes mimikatz show up in sysmon windwos event log and it show up in archives.log. But when i want to create index pattern wazuh-archives-* i have only this sources : The index pattern you've entered doesn't match any indices. You can match any of your 12 indices, below. opensearch_dashboards_sample_data_logs Index wazuh-alerts-4.x-2024.06.15 Index wazuh-alerts-4.x-2024.06.16 Index wazuh-alerts-4.x-2024.06.20 Index wazuh-alerts-4.x-2024.06.24 Index wazuh-monitoring-2024.24w Index wazuh-monitoring-2024.25w Index wazuh-monitoring-2024.26w Index wazuh-states-vulnerabilities-wazuh-server Index wazuh-statistics-2024.24w Index

@@MyDFIR i find mimikatz in sysmon and in archives.log. I don't see a file archives.json

You're welcome 😊

You can try however I would also continue to put yourself in front of different scenarios as much as possible by doing more hands on labs to gain the confidence to speak about them. For projects you want to format it as you would for work experience.

No you 🥲

Yeah! They are super fun and educational

Thanks for watching!

Likely would be similar to alerts however I personally haven’t tried. I would take a look at the documentation to see how the API works

My pleasure!

The market isn’t that great right now, have you talked about your next steps/interests with your manager?

@@MyDFIR feels strange with all of those attacks happening everyday that big company do not extend their security team. I spoke to my manager to swap position due to have opening in the IAm team but also as a AD specialist but, they do not care much. they like me where i am

Can’t really say much without seeing your setup. Are you on the same network? Are ports opened?

Glad it was helpful!

Have you tried editing the application? I know by default it doesn't work - For the regex, you'll want to have it extract the hash, as long as it does that, you are fine.

@@MyDFIR I didn't need to edit the application, the url path is the exact same as what you had it as. even when i go to look at the application editor, it showed that url path files/{id}

yeah may need to use v3 for the API, if thats the case here is the documentation: docs.virustotal.com/reference/file-info

@@MyDFIR I believe i'm using the v3 API already. the app's node in the shuffle is called VirusTotal v3

Could you send me a screenshot of your VT settings in Shuffle via DM Instagram?

Awesome!!

Yeah Docker is free but with 8 GB RAM there is only so much you can do unfortunately. What I would suggest is look into upgrading your equipment or purchase used equipment and go from there if you're thinking about this long term. You can also use the cloud with free credits.

No, this particular project uses LimaCharlie on Windows.

Thank you!