Open in app

Sign in

Write

Sign in

Incident Analysis with ELK Kibana | HTTP Logs Analysis | TryHackMe ItsyBitsy

Motasem Hamdan
1 min readNov 20, 2023

--

We covered cyber incident analysis with ELK Kibana or Elastic Search. We covered http logs pulled from a compromised Windows machine communicating with C2 server. This was part of TryHackMe ItsyBitsy.

TryHackMe ItsyBitsy

Blue Team Field Notes

This guide cover various areas such as cyber threat intelligence, incident response operational notes, secure coding…

www.buymeacoffee.com

Splunk SIEM Full Course with Practical Scenarios

One video with six hours length focusing on Splunk basics and practical scenarios in Cyber security. Note: Once you buy…

www.buymeacoffee.com

Challenge Description

During normal SOC monitoring, Analyst John observed an alert on an IDS solution indicating a potential C2 communication from a user Browne from the HR department. A suspicious file was accessed containing a malicious pattern THM:{ ________ }. A week-long HTTP connection logs have been pulled to investigate. Due to limited resources, only the connection logs could be pulled out and are ingested into the connection_logs index in Kibana.

Full Writeup can be found here.

Video Walkthrough

Tryhackme
Tryhackme Walkthrough
Tryhackme Writeup
Incident Response
Kibana

--

--

Motasem Hamdan
Motasem Hamdan

Written by Motasem Hamdan

541 Followers
10 Following

Motasem Hamdan is a content creator and swimmer who creates cyber security training videos and articles. https://www.youtube.com/@MotasemHamdan

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams