Cyber Security Incident Response - How SOC Responds, See LIVE

  • Published 1 Jul 2021
  • BlackPerl presents to you the very FIRST Cyber Security Incident Response Documentary, which is based on a true cyber security incident. We are releasing the full documentary here. In the documentary, we have tried to show you a full demonstration of a P1 incident response: how we responded, how we triaged, and how we worked at the forensic level to find the RCA.
    The incident involves cyber phishing, account forgery, money laundering, domain impersonation and many more. The investigation runs from an email to the Security Operations team from the geography IT team all the way to forensic acquisition, email analysis, SIEM hunting, legal notification, customer communication and a lot more!!
    We have tried to bring the whole incident into a small cinematic episode and to show you what actually happens in a real Security Operations Centre. And this is damn reality!!
    So, I hope you enjoy the show and stick around with BlackPerl for more such exciting episodes. You can learn something with enjoyment and a real feel of being in a Security Operations Centre!!
    I would like to THANK everyone who worked with me to put together the episode and storyline. This episode is the outcome of 100s of hours of pre-production and post-production cuts, where we could sync virtually and do the screenplay!!
    Hope you enjoy it!! Let's target a LIKE count of 200+ 😊. We used IR-Flash, Binalyze AIR, eDiscovery techniques, Elastic SIEM search, WOLF and other tools to compile this and to ascertain the root cause, and we have also tried to show you how to create a timeline of the incident. If you can pin this down and use it for your own use case and business, you will ROCK!! I have covered some of the techniques and tools in the past; you can find the links below, and please stay tuned for other tools which we will explore in some time!
    -------------------------------------------------------------------------------------------------------------------------
    Check out Incident Response Full Training Course👉 bit.ly/2OKQaFP
    WATCH BELOW AS WELL, if you want to make your career in DFIR and Security Operations!!
    -------------------------------------------------------------------------------------------------------------------------
    INCIDENT RESPONSE TRAINING Full Course 👉 • BlackPerl DFIR || INC...
    DFIR Free Tools and Techniques 👉 • BlackPerl DFIR || DFIR...
    Windows and Memory Forensics 👉 • BlackPerl DFIR || Wind...
    Malware Analysis 👉 • BlackPerl DFIR || Malw...
    IR Flash 👉 • How to Collect System ...
    Email Header Analysis 👉 • Email Header Analysis ...
    FOLLOW ME EVERYWHERE-
    -------------------------------------------------------------------------------------------------------------------------
    ✔ LinkedIn: / blackperl
    ✔ You can reach out to me personally in LinkedIn as well- bit.ly/38ze4L5
    ✔ Twitter: @blackperl_dfir
    ✔ Insta: (blackperl_dfir) / blackperl_dfir
    ✔ Can be reached via blackperl_dfir@yahoo.com
    SUPPORT BLACKPERL
    -------------------------------------------------------------------------------------------------------------------------
    ➡️ SUBSCRIBE, Share, Like, Comment
    ☕ Buy me a Coffee 👉 www.buymeacoffee.com/BlackPerl
    📧 Sponsorship Inquiries: archan.fiem.it@gmail.com
    Courtesy
    -------------------------------------------------------------------------------------------------------------------------
    THBD:
    / thbdsultan
    / thbds
    / @thbd
    creativecommons.org/licenses/...
    Music provided by RFM: • Video
    Background Loop Animation By 5 Minute Edits
    / @5minuteedits
    -------------------------------------------------------------------------------------------------------------------------
    🙏 Thanks for watching!! Be CyberAware!! 🤞
  • Science & Technology

Comments • 73

  • @BlackPerl
    @BlackPerl 3 years ago +5

    📢 It's a BIG Day!!
    We are finally able to publish the full documentary episode covering a real P1 security incident.
    It was a marvelous experience making this episode:
    1. Create the plot
    2. Create the full story from the actual incident
    3. Prepare the script
    4. Record the incident while we resolve the story
    5. Hours of struggle in post production to make it more interesting but to the point. 😊
    Thank you Sai Naga Subrahmanyam Batchu, Nishant Sharma, Gobinda Karmakar for your awesome participation to make this happen!
    So we started from a phishing angle and went ahead to touch base on:
    👉 Account Compromise
    👉 Cyber Squatting
    👉 System Compromise
    👉 eDiscovery
    👉 Kibana Analysis
    👉 Gathering data throughout this process
    👉 We did our best to save our Org from any potential harm
    👉 Performed the containment
    👉 Tried to identify the patient zero in this process!!
    So, if you want to become a successful #securityanalyst and want to become a part of a #securityoperationscenter, this is for you! You will definitely pass this road.. Get an early feel and explore what happens behind the curtain when we say "IT's P1" 😊

  • @manishkanade4972
    @manishkanade4972 4 months ago

    Got a good info on incident response ❤ Keep posting such videos.

  • @swadealhadebangaliyana8321
    @swadealhadebangaliyana8321 3 years ago +1

    This is Crazy stuff!! Amazing mix of pre and post production efforts!!

    • @BlackPerl
      @BlackPerl 3 years ago

      Much appreciated!

  • @CookwithIshi16
    @CookwithIshi16 2 years ago

    best video so far, your way of explaining this is beyond awesome. Thanks a lot.

    • @BlackPerl
      @BlackPerl 2 years ago +1

      Thank you for your kind words! Please stay tuned and keep watching the playlists

  • @VaibhavKrishna18
    @VaibhavKrishna18 3 years ago +3

    Fantastic work guys !!! Loved it 😍 it's very close to the real P1 incident. Covered almost every step that the team does for a P1.

    • @BlackPerl
      @BlackPerl 3 years ago +1

      Thanks Buddy for your feedback. Really appreciate it.. Please stay tuned and keep watching...

  • @josephford5885
    @josephford5885 3 years ago +1

    Awesome work done mate. Will be waiting for the upcoming episodes for tools..

    • @BlackPerl
      @BlackPerl 3 years ago

      Thanks, will do! Really appreciate your feedback. 😊

  • @joshuaspeshock4636
    @joshuaspeshock4636 3 years ago +1

    Amazing video detailing the incident and overall a very enjoyable video to watch! Definitely going to share the word of this video and going to rewatch it because it was truly beneficial and overall enjoyable. Highly recommend rewatching!!

    • @BlackPerl
      @BlackPerl 3 years ago

      Thank you Buddy for your feedback!! I really appreciate it! Please stay tuned!

  • @a51nx
    @a51nx 2 years ago

    This video is underrated. Thank you so much :D

  • @jashandeep8192
    @jashandeep8192 3 years ago +1

    Bang!! this is cool...Thanks for giving the first hand experience xD...will share with my friends to achieve your goal.

    • @BlackPerl
      @BlackPerl 3 years ago +1

      Thank you very much Buddy for your feedback and support!! I really appreciate it!!

  • @bharathj115
    @bharathj115 3 years ago +2

    Hey Archan, this was really awesome man! I'd imagine how hard it is to collaborate and create an IR process rather than that working on a Friday night was peaceful.
    Appreciate your efforts and sharing knowledge with the community :)

    • @BlackPerl
      @BlackPerl 3 years ago +1

      Hey Bud..
      Thank you very much for your kind words Buddy. Means a lot. ❤
      Please stay tuned and keep watching!

  • @cyberaccount2055
    @cyberaccount2055 2 months ago

    Hey guys, thank you for this informative video

  • @tonyfernandes216
    @tonyfernandes216 9 days ago

    Good IR walk through.

  • @ganeshat1727
    @ganeshat1727 2 years ago

    Awesome Buddy, Thanks for making.

    • @BlackPerl
      @BlackPerl 2 years ago +1

      Glad you liked it. Keep watching!

  • @arvindsingh6589
    @arvindsingh6589 3 years ago +2

    Very nice presentation of the actual scenario...finally a video which is something different from all the usual YouTube tutorial videos :)

    • @BlackPerl
      @BlackPerl 3 years ago

      Thank you so Much Arvind!! Really appreciate your feedback, keep watching and please stay tuned..

  • @manfrombritain6816
    @manfrombritain6816 2 years ago

    this was really useful, thanks a lot!

    • @BlackPerl
      @BlackPerl 2 years ago

      Thanks. I'm glad you liked it

  • @jamescullins2203
    @jamescullins2203 3 years ago

    Excellent Dude.. Really nice presentation of the whole case

    • @BlackPerl
      @BlackPerl 3 years ago

      Thanks a ton

  • @WatsonInfosec
    @WatsonInfosec 2 years ago

    This was informational. I learned a lot from this video. Thanks!

    • @BlackPerl
      @BlackPerl 2 years ago +1

      I'm glad it is helpful

  • @debjanibandyopadhyay2034
    @debjanibandyopadhyay2034 3 years ago +1

    Super content. Really love your videos.

    • @BlackPerl
      @BlackPerl 3 years ago

      I appreciate that!

  • @aniruddhajadhav2474
    @aniruddhajadhav2474 2 years ago +2

    Thanks, it's awesome, keep it up.
    If possible, kindly make more cinematic real scenarios like this.
    It will be helpful to a lot of students across the globe.

    • @BlackPerl
      @BlackPerl 2 years ago

      Sure thing buddy, will put it together again!! I am glad you liked it!!

  • @cararose2987
    @cararose2987 3 years ago +1

    Fantastic work.. keep it up..

    • @BlackPerl
      @BlackPerl 3 years ago

      Thanks a lot 😊

  • @cyberkeshav
    @cyberkeshav 1 year ago

    We need content like this, sir ❤❤ great video, now this is a real case/incident

  • @pauloseputhenpurackal3135
    @pauloseputhenpurackal3135 3 years ago +1

    Great video ...I am a regular viewer of your videos..I am trying to get into a SOC role. Came across a few interview questions...Could you let me know, in your experience:
    1. How many types of alerts are there in your SOC?
    2. How many phishing alerts do you get in a day, and how?
    3. Are L2 SOC analysts required to create rules in SIEM?
    4. What level of threat hunting and DFIR things do SOC L2 people usually do, or is incident response a separate team?
    5. What attack life cycle pattern do you follow in your organization?
    I know this is a lot of questions ..if you can reply that will be great, or make a video

    • @BlackPerl
      @BlackPerl 3 years ago +1

      Wohoo.. That's a lot of questions. But, I got you covered.
      First of all, thank you for taking time and watching my videos.
      1. How many types of alerts are there in your SOC?
      It depends on what types of log sources you have, what types of risk you are having, and what your usecases are. So, if my alerts are driven out of 1 usecase, I could have 10 detection rules to cover it, and if I can tune it to a 50-50 TP/FP ratio, I can expect 10 alerts.
      For me, I have more than 10 types of log sources, have more than 10 usecases and hence it is running more than 100+ rules in SIEM. So you can calculate the alerts. But most of them are automated to take actions.
      2. How many phishing alerts do you get in a day, and how?
      From my older exp. more than 1k. From direct user reports to the SOC mailbox, from the PhishMe hook, phone calls.
      3. Are L2 SOC analysts required to create rules in SIEM?
      It depends on what the deliverables of your Org's analyst roles are. If it is a structured SOC, analysts should not change rules in Production; they should give feedback to the Engineering Team, who should own this fine tuning task.
      4. What level of threat hunting and DFIR things do SOC L2 people usually do, or is incident response a separate team?
      Again it depends on your Org specific roles. If you are capable enough to hunt being an L2, well and awesome!! Generally in SOC we do have a team who does Threat Hunting and Threat Intel work.
      5. What attack life cycle pattern do you follow in your organization?
      It depends on which Org you are working in, since the risk changes as the Org pattern changes. But everyone follows MITRE, more or less.

  • @viralparmar4414
    @viralparmar4414 1 year ago

    Provides a lot of information. Take a bow for your hard work.

    • @BlackPerl
      @BlackPerl 1 year ago

      Thank you very much

  • @dipsb2225
    @dipsb2225 3 years ago +1

    Great work brother! Keep it up. Thoda aur drama aur tension chahiye tha. (Missing Hindi..u know what 😀) You should have shown the business manager who keeps interrupting and pressing you. More details could have been shown in header analysis. Also, if DKIM and SPF both failed, ideally a warning message should have been shown to the recipient. If in spite of that he has done the transfer ..needs HR action 😀. Good going and all the best for your upcoming episodes

    • @BlackPerl
      @BlackPerl 3 years ago

      Thank you so much Buddy. Ya man, you truly pointed out the odds. We have suppressed several such points just to make this short and crisp. In the actual world there are many more things which SOC faces.. It's just a glimpse! 😊
      I am glad you enjoyed it and really appreciate your feedback. Please stay tuned and keep watching..

  • @secdive5123
    @secdive5123 3 years ago +1

    This is sooo cool!

    • @BlackPerl
      @BlackPerl 3 years ago +1

      Thank you Buddy. I'm glad you liked it!

  • @yugandharm.3810
    @yugandharm.3810 1 year ago

    Amazing video. Can you share a sample real-time incident response report and how to write the report?

  • @ShantanuDeyAnik
    @ShantanuDeyAnik 3 years ago

    Thank you, dada, for portraying a picture of your day-to-day work. I am a cyber security student, but because I lack the "real life experience" part, there is a lot I cannot learn. Watching your video, I actually got an idea today of how the work is done. I hope you will make more educational videos in future.

    • @BlackPerl
      @BlackPerl 3 years ago

      Thank you very much for your kind words!! Sure, I have more plans and many more things to explore!! Please stay tuned!!

  • @musicmantra2709
    @musicmantra2709 3 years ago

    Great Music Mix..

    • @BlackPerl
      @BlackPerl 3 years ago

      Thanks ✌️

  • @sayankumardey6826
    @sayankumardey6826 3 years ago +1

    Lovely 🔥

  • @karthikb573
    @karthikb573 2 years ago

    It was a nice and good explanation

  • @srinithehackerbirdwatcher5131
    @srinithehackerbirdwatcher5131 2 years ago

    Finally have seen a real SOC P1 incident response ❤❤❤

    • @BlackPerl
      @BlackPerl 2 years ago

      Thank you for your feedback. Please check the other playlist as well. Stay tuned!

  • @danishkumar5629
    @danishkumar5629 3 years ago +1

    Dear,
    kindly make a video on FireEye/Defender or any EDR acquisition analysis on an alert.

    • @BlackPerl
      @BlackPerl 3 years ago

      Thanks Buddy for this awesome idea. I have noted it down and will surely plan it soon!! Please stay tuned!!

  • @bhanumedindrao4222
    @bhanumedindrao4222 2 years ago

    The timeline looks good to me. Can you name the app/tool that helps in creating the timeline, I mean the visuals?

    • @BlackPerl
      @BlackPerl 2 years ago

      It was created in PowerPoint and Visio.

  • @viralparmar4414
    @viralparmar4414 1 year ago

    Which tool are you using for notes??

    • @BlackPerl
      @BlackPerl 1 year ago

      Chatbot on Slack

  • @claudiamanta1943
    @claudiamanta1943 1 month ago

    5:05 Don’t you, all, have access to that evidence folder? And why do you have only a sample and not all pieces of evidence?

  • @srinithehackerbirdwatcher5131
    @srinithehackerbirdwatcher5131 2 years ago +1

    Was Kibana used in the analysis part?

    • @BlackPerl
      @BlackPerl 2 years ago

      Yes. We used Elastic as part of analysis

  • @claudiamanta1943
    @claudiamanta1943 1 month ago

    11:43 PAGE you? Do you still use pagers?

  • @mafujaakhtar9876
    @mafujaakhtar9876 8 months ago

    Hi Archan brother, do you speak Bangla? I love the song, great to know you are a Bengali speaker

    • @BlackPerl
      @BlackPerl 8 months ago

      Yes. Archan is a Bengali by birth!!

  • @mafujaakhtar9876
    @mafujaakhtar9876 8 months ago

    Hi, do you speak Bangla brother? My favourite song....

  • @benjackamoses8015
    @benjackamoses8015 1 year ago

    I love the Indian music

  • @youth756
    @youth756 2 years ago

    12:56 date stamp is wrong

    • @BlackPerl
      @BlackPerl 2 years ago +1

      Yes, you are right! I realized that after publishing. 🤣