Day 55 of Becoming a SOC Analyst | SQL Injection to Web Shell to Reverse Shell Full Chain Compromise
Day 55 of Becoming a SOC Analyst — SQL Injection → Web Shell Deployment → Reverse Shell (True Positive)
External IP 101.32.223.119 targeted internal web server SQLServer at 172.16.20.6 via a UNION SELECT SQL injection through the userNumber URL parameter. The attacker used the injection to write a PHP web shell — cmd.php — directly to /var/www/html, establishing persistent remote code execution on the server. From there, they executed commands through the web shell and spawned a netcat reverse shell back to 101.32.223.119 on port 1234, achieving full interactive access. The multiple HTTP 500 responses in proxy logs were the breadcrumb trail that triggered the alert — error responses from malformed injection attempts before the payload landed clean. This is the full attack chain: initial access, execution, persistence, and C2 in one session. Walked through the full triage: proxy log analysis, SQL injection payload deconstruction, web shell write confirmation, reverse shell connection identification, MITRE mapping (T1190, T1505.003, T1059, T1105, T1071.001), and confirming true positive with immediate endpoint isolation and malicious IP documentation.
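To make the alert logic above concrete, here is an added example (written for this page, not code from the video or from LetsDefend) that runs a first-pass triage over constructed proxy log lines in an assumed `<src_ip> <method> <url> <status>` format: it counts HTTP 500 responses per source, flags UNION SELECT payloads in query parameters such as userNumber, notes requests to cmd.php, and tags the MITRE technique IDs named in the description.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed proxy log lines modelled on the scenario (not real logs).
# Assumed format: <src_ip> <method> <url> <http_status>
SAMPLE_LOGS = """\
101.32.223.119 GET http://172.16.20.6/index.php?userNumber=1 200
101.32.223.119 GET http://172.16.20.6/index.php?userNumber=1' 500
101.32.223.119 GET http://172.16.20.6/index.php?userNumber=1%20UNION%20SELECT%201 500
101.32.223.119 GET http://172.16.20.6/index.php?userNumber=1%20UNION%20SELECT%201,2 500
101.32.223.119 GET http://172.16.20.6/index.php?userNumber=1%20UNION%20SELECT%201,2,3 200
101.32.223.119 GET http://172.16.20.6/cmd.php 200
10.0.0.5 GET http://172.16.20.6/index.php?userNumber=42 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
# UNION ... SELECT in a decoded parameter value is the injection signature from the scenario
UNION_SELECT_RE = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.IGNORECASE)
WEBSHELL_PATHS = {"/cmd.php"}  # web shell file name from the scenario


def triage(log_text, error_threshold=3):
    """Group lines by source IP; return src_ip -> counts, flagged params, MITRE IDs, verdict."""
    findings = defaultdict(lambda: {"http_500": 0, "sqli_params": set(),
                                    "webshell_hits": 0, "mitre": set(), "verdict": "benign"})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        src, _method, url, status = m.groups()
        f = findings[src]
        if status == "500":
            f["http_500"] += 1  # the burst of 500s is what raised the alert
        parts = urlsplit(url)
        # parse_qs percent-decodes values, so "%20UNION%20SELECT" is matched as plain text
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            if any(UNION_SELECT_RE.search(v) for v in values):
                f["sqli_params"].add(name)
                f["mitre"].add("T1190")  # Exploit Public-Facing Application
        if parts.path in WEBSHELL_PATHS:
            f["webshell_hits"] += 1
            f["mitre"].add("T1505.003")  # Server Software Component: Web Shell
    for f in findings.values():
        if f["sqli_params"] and f["webshell_hits"]:
            f["verdict"] = "true_positive"  # injection followed by web shell use
        elif f["sqli_params"] or f["http_500"] >= error_threshold:
            f["verdict"] = "suspicious"
    return dict(findings)
```

Running `triage(SAMPLE_LOGS)` scores 101.32.223.119 as a true positive with both technique IDs, while the ordinary request from 10.0.0.5 stays benign.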
SOC142 - Multiple HTTP 500 Response
Scenario sourced from LetsDefend.io — one of the best hands-on SOC analyst training platforms out there.
Highly recommend if you're on the same path. I'm documenting every day of my journey to landing a Level 1 SOC Analyst role — the wins, the grinds, and everything in between.
00:00 Day 55 intro
00:23 Alert Details
00:49 Investigation
05:15 Playbook Answers
06:52 5w Log
09:44 Result
🔵 What I Cover
Threat Detection · Alert Triage · SIEM Analysis · Web Log Analysis · Incident Response · Blue Team Tools
🚨 Open to Work — Seeking a Level 1 SOC Analyst role in Melbourne or Remote (AU)
📂 Portfolio → inksec.io
💼 LinkedIn → linkedin.com/in/tate-pannam-8b64b23a3
If you chose the red pill...
0x74617465.sh
#SOCAnalyst #BlueTeam #Cybersecurity #SQLInjection #WebShell #ReverseShell #IncidentResponse #SIEM #Day55 #CyberSecurityJourney #Melbourne #LetsDefend #LetsDefendSOC #ThreatHunting #WebSecurity #InfoSec
Video "Day 55 of Becoming a SOC Analyst | SQL Injection to Web Shell to Reverse Shell Full Chain Compromise" from the InkSec channel
No comments
Video information
March 5, 2026, 2:45:03
00:10:33