Category: TryHackMe

  • Snort Challenge — Live Attacks Room

    Task 1 Introduction The room invites you to a challenge where you will investigate a series of traffic data and stop malicious activity under two different scenarios. Let's start working with Snort to analyse live and captured traffic. Before joining this room, we suggest completing the 'Snort' room. Note: There are two VMs attached to this challenge. Each…

  • Sigma

    Task 1 Introduction- Introduction Detection engineering is an important role and task for a security analyst. It involves developing processes that will guide you as an analyst to identify threats before they cause any harm to an environment through the use of rules. This room will introduce you to Sigma, an open-source generic signature language…

  • Threat Intelligence for SOC

    Task 1 Introduction Is your organisation prepared to handle emerging threats like new malware IOCs or zero days? And in any case, can you determine unknown adversaries or apply known indicators from reliable sources in your Security Operations pipeline? Such questions arise when you think of the ever-going cat-and-mouse game of threat actors and security analysts…

  • Tactical Detection

    Task 1 Introduction You're hired as a security engineer, and you want to make a good impression. You noticed that there's a default ruleset available, and it has already been enabled. The SOC team seems to function, albeit not as efficiently as you might expect – then it dawns on you; the default rules just won't cut it. This…

  • Intro to Detection Engineering

    Task 1 Introduction Detection engineering is an important role and task for a security analyst. It involves developing processes that will guide you as an analyst to identify threats, detect them through rules and processes, and fine-tune the process as the landscape changes. Learning Objectives Task 2 What is Detection Engineering? Detection Engineering Cybersecurity is growing and…

  • Custom Alert Rules in Wazuh

    Custom Alert Rules in Wazuh Task 1 Introduction Wazuh is an open-source security detection tool that works on top of the ELK stack (Elasticsearch, Logstash, and Kibana) and is designed to identify threats using its alert rule system. This system uses rules to search for potential security threats or issues in logs from various sources,…

  • OWASP API Security Top 10 – 2

    Task 1 Quick Recap In the previous room, we studied the first five principles of OWASP API Security. Now in this room, we will briefly discuss the remaining principles and their potential impact and mitigation measures. Learning Objectives Learning Pre-requisites An understanding of the following topics is recommended before starting the room: Connecting to the Machine We will be using Windows…

  • OWASP API Security Top 10 – 1

    Task 1 Introduction Open Worldwide Application Security Project (OWASP) is a non-profit and collaborative online community that aims to improve application security via a set of security principles, articles, documentation etc. Back in 2019, OWASP released a list of the top 10 API vulnerabilities, which will be discussed in detail, along with its potential impact and a…

  • OWASP Top 10 – 2021

    This room breaks each OWASP topic down and includes details on the vulnerabilities, how they occur, and how you can exploit them. You will put the theory into practice by completing supporting challenges. The room has been designed for beginners and assumes no previous security knowledge. Task 3 1. Broken Access Control Websites have pages that are protected…

  • Auditing and Monitoring

    Task 1 Introduction Consider the following example. A prestigious hospital in the UK must ensure that it aligns with all the regulations. You are part of the team responsible for ensuring compliance with the Data Protection Act (2018). One of the requirements is to ensure that patients' records are kept confidential and protected against unauthorised processing,…