letsdefend.io
205 videos • 27,677 views • by InfoSec_Bret
1. letsdefend.io - Intro and SOC101 Exercise
2. letsdefend.io - SOC103 Malicious APK Detected
3. letsdefend.io - SOC104 - Malware Detected
4. letsdefend.io - SOC107 EventID 19 (VIP)
5. letsdefend.io - SOC101 EventID 18 (VIP)
6. letsdefend.io - SOC107 EventID 19 Follow-Up (VIP)
7. letsdefend.io - SOC106 EventID 17 (VIP)
8. SOC105 EventID 16 (VIP)
9. SOC104 - EventID 15 (VIP)
10. SOC14 Event 14 (Malware Detected) (VIP)
11. SOC105 EventID 20 (Threat Intel) (VIP)
12. SOC104 EventID 21 (Malware Detected) (VIP)
13. SOC102 EventID 22 (Suspicious URL Detected) (VIP)
14. SOC103 EventID 23 (Malicious APK Detected) [VIP]
15. SOC101 EventID 25 (Phishing Email Detected) [Oct. 29, 2020, 6:40 p.m.]
16. SOC101 EventID 24 (Phishing Mail Detected) [VIP]
17. LetsDefend Quiz: SIEM
18. LetsDefend Quiz: DETECTION
19. SOC102 EventID 26 (Proxy - Suspicious URL Detected) [Oct. 29, 2020, 7:05 p.m.]
20. SOC102 EventID: 32 (Proxy - Suspicious URL Detected) [Dec. 1, 2020, 5:50 a.m.]
21. SOC101 EventID: 27 (Phishing Mail Detected) [Oct. 29, 2020, 7:25 p.m.]
22. SOC105 EventID: 28 (Requested T.I. URL address) [Oct. 29, 2020, 7:34 p.m.]
23. SOC103 EventID: 33 (Malicious APK Detected) [Dec. 1, 2020, 3:12 a.m.]
24. SOC104 EventID: 36 (Malware Detected) [Dec. 1, 2020, 10:23 a.m.]
25. SOC101 EventID: 34 (Phishing Mail Detected) [Dec. 5, 2020, 10:33 p.m.]
26. SOC102 EventID: 35 (Proxy - Suspicious URL Detected) [Dec. 6, 2020, 1:33 p.m.]
27. SOC109 EventID: 39 (Emotet Malware Detected) [Jan. 1, 2021, 4:45 p.m.]
28. SOC108 EventID: 38 (Malicious Remote Access Software Detected) [Jan. 1, 2021, 5:36 p.m.]
29. DFIR - Red Team Tools
30. DFIR - Red Team Tools 2
31. SOC110 EventID: 40 (Proxy - Cryptojacking Detected) [Jan. 2, 2021, 4:33 a.m.]
32. SOC103 EventID: 34 (Malicious APK Detected) [Jan. 1, 2021, 6:11 p.m.]
33. SOC101 EventID: 41 (Phishing Mail Detected) [Jan. 2, 2021, 3:39 p.m.]
34. SOC103 EventID: 11 (Malicious APK Detected) [Aug. 30, 2020, 1:27 p.m.]
35. SOC103 EventID: 10 (Malicious APK Detected) [Aug. 30, 2020, 11:22 a.m.]
36. SOC101 EventID: 8 (Phishing Mail Detected) [Aug. 29, 2020, 11:05 p.m.]
37. SOC102 EventID: 5 (Proxy - Suspicious URL Detected) [Aug. 29, 2020, 10:50 p.m.]
38. SOC102 EventID: 6 (Proxy - Suspicious URL Detected) [Aug. 29, 2020, 3:33 p.m.]
39. SOC107 EventID: 48 (Privilege Escalation Detected) [Jan. 31, 2021, 4:20 p.m.]
40. SOC111 EventID: 46 (Traffic to Malware Domain) [Jan. 31, 2021, 4:15 p.m.]
41. SOC120 EventID: 52 (Phishing Mail Detected - Internal to Internal) [Feb. 7, 2021, 4:24 a.m.]
42. SOC118 EventID: 51 (Internal Port Scan Activity) [Feb. 6, 2021, 3:40 p.m.]
43. SOC101 EventID: 59 (Phishing Mail Detected) [Feb. 14, 2021, 3 a.m.]
44. SOC123 EventID: 56 (Enumeration Tool Detected) [Feb. 13, 2021, 4:47 p.m.]
45. SOC131 EventID: 67 (Reverse TCP Backdoor Detected) [March 1, 2021, 3:15 p.m.]
46. SOC132 EventID: 68 (Same Malicious File Found on Multiple Sources) [March 1, 2021, 3:16 p.m.]
47. SOC124 EventID: 57 (Scheduled Task Created) [Feb. 14, 2021, 11:17 a.m.]
48. SOC129 EventID: 63 (Successful Local File Inclusion) [Feb. 21, 2021, 5:02 p.m.]
49. SOC126 EventID: 61 (Suspicious New Autorun Value Detected) [Feb. 14, 2021, 6:40 p.m.]
50. Malware Analysis - Work from Home
51. Malware Analysis - Fight The Virus
52. Malware Analysis - Malicious Doc
53. SOC109 EventID: 85 (Emotet Malware Detected) [March 22, 2021, 9:06 p.m.]
54. SOC141 EventID: 86 (Phishing URL Detected) [March 22, 2021, 9:23 p.m.]
55. SOC140 EventID: 82 (Phishing Mail Detected - Suspicious Task Scheduler) [March 21, 2021, 12:26 p.m.]
56. SOC119 EventID: 83 (Proxy - Malicious Executable File Detected) [March 21, 2021, 1:02 p.m.]
57. SOC104 EventID: 84 (Malware Detected) [March 21, 2021, 1:04 p.m.]
58. SOC138 EventID: 77 (Detected Suspicious XLS File) [March 13, 2021, 8:20 p.m.]
59. SOC137 EventID: 76 (Malicious File/Script Download Attempt) [March 14, 2021, 7:15 p.m.]
60. SOC139 EventID: 78 (Meterpreter or Empire Activity) [March 15, 2021, 2:15 p.m.]
61. SOC119 - Proxy - Malicious Executable File Detected
62. SOC103 EventID: 80 (Malicious APK Detected) [March 15, 2021, 9:55 p.m.]
63. SOC134 EventID: 81 (Suspicious WMI Activity) [March 15, 2021, 10:57 p.m.]
64. SOC134 EventID: 71 (Suspicious WMI Activity) [March 7, 2021, 4:50 p.m.]
65. SOC135 EventID: 72 (Multiple FTP Connection Attempt) [March 7, 2021, 5:09 p.m.]
66. SOC136 EventID: 74 (Data Leak via Mailbox Forwarding Detected) [March 7, 2021, 5:31 p.m.]
67. SOC105 EventID: 75 (Requested T.I. URL address) [March 7, 2021, 5:47 p.m.]
68. SOC130 EventID: 64 (Event Log Cleared) [Feb. 21, 2021, 7:23 p.m.]
69. SOC103 EventID: 65 (Malicious APK Detected) [Feb. 22, 2021, 11:11 a.m.]
70. SOC128 EventID: 62 (Malicious File Upload Attempt) [Feb. 22, 2021, 4:31 p.m.]
71. SOC102 EventID: 66 (Proxy - Suspicious URL Detected) [Feb. 22, 2021, 8:36 p.m.]
72. SOC133 EventID: 69 (Suspicious Request to New Registered Domain) [Feb. 28, 2021, 7:57 p.m.]
73. SOC125 EventID: 58 (Suspicious Rundll32 Activity) [Feb. 14, 2021, 12:13 p.m.]
74. SOC127 EventID: 60 (SQL Injection Detected) [Feb. 14, 2021, 1:05 p.m.]
75. SOC101 EventID: 87 (Phishing Mail Detected) [April 4, 2021, 11 p.m.]
76. SOC143 EventID: 90 (Password Stealer Detected) [April 26, 2021, 11:03 p.m.]
77. SOC141 EventID: 88 (Phishing URL Detected) [April 4, 2021, 11:10 p.m.]
78. SOC142 EventID: 89 (Multiple HTTP 500 Response) [April 18, 2021, 1 p.m.]
79. SOC116 EventID: 49 (DNS Hijacking Detected) [Feb. 6, 2021, 12:42 p.m.]
80. SOC117 EventID: 50 (Suspicious .reg File) [Feb. 6, 2021, 1:58 p.m.]
81. SOC121 EventID: 53 (Proxy - Malicious Executable File Detected) [Feb. 7, 2021, 12:19 p.m.]
82. SOC108 EventID: 54 (Malicious Remote Access Software Detected) [Feb. 7, 2021, 1:21 p.m.]
83. SOC122 EventID: 55 (Android Banker Malware Detected) [Feb. 7, 2021, 6:21 p.m.]
84. SOC111 EventID: 42 (Traffic to Malware Domain) [Jan. 30, 2021, 5:25 p.m.]
85. SOC112 EventID: 43 (Traffic to Blacklisted IP) [Jan. 31, 2021, 11:02 a.m.]
86. SOC113 EventID: 44 (Suspicious hh.exe Usage) [Jan. 31, 2021, 4:59 p.m.]
87. SOC144 EventID: 91 (New scheduled task created) [May 14, 2021, 3:22 p.m.]
88. SOC145 EventID: 92 (Ransomware Detected) [May 23, 2021, 7:32 p.m.]
89. Malware Analysis - Malicious VBA
90. SOC146 EventID: 93 (Phishing Mail Detected - Excel 4.0 Macros) [June 13, 2021, 2:13 p.m.]
91. Malware Analysis - Excel 4.0 Macros
92. SOC147 EventID: 94 (SSH Scan Activity) [June 13, 2021, 4:23 p.m.]
93. DFIR - HTTP Basic Auth.
94. DFIR - Disclose The Agent
95. DFIR - Shellshock Attack
96. DFIR - Port Scan Activity
97. DFIR - Ransomware Attack
98. DFIR - IcedID Malware Family
99. DFIR - Infection with Cobalt Strike
100. DFIR - REvil Ransomware
101. IR BETA - SOC148 EventID:95 - IR BETA
102. IR BETA - SOC149 EventID:96 - IR BETA
103. IR BETA - SOC128 EventID:97 - IR BETA
104. DFIR - PrintNightmare
105. Malware Analysis - MSHTML
106. IR BETA - SOC157-107 - Suspicious WAR File
107. LetsDefend IR Training
108. IR - SOC155-104 - Suspicious SSH Login
109. IR - SOC161-111 - Log4j RCE Exploit
110. IR - SOC154-102 - Service Configuration File Changed by Non Admin User
111. IR - SOC151-99 - Unauthorized Root Access
112. IR - SOC128-106 - Malicious File Upload Attempt
113. IR - SOC153-101 - Suspicious Powershell Script Executed
114. IR - SOC145-103 - Ransomware Detected
115. IR - SOC152-100 - Encrypted Files Detected
116. IR - SOC156-105 - Unnormal Code/Command Execution
117. IR - SOC158-108 - Hijacked NPM Package
118. IR - SOC159-109 - Karma Ransomware Attack
119. IR - SOC159-109 - Karma Ransomware Attack
120. IR - SOC162-112 - Pwnkit (CVE-2021-4034) Detected - Auditd (pkexec)
121. SA - SOC170-120 - Passwd Found in Requested URL - Possible LFI Attack
122. SA - SOC163-113 - Suspicious Certutil.exe Usage
123. SA - SOC164-114 - Suspicious Mshta Behavior
124. IR - SOC171-121 - Spring4Shell Activity
125. SA - SOC166-116 - Javascript Code Detected in Requested URL
126. SA - SOC167-117 - LS Command Detected in Requested URL
127. SA - SOC168-118 - Whoami Command Detected in Request Body
128. SA - SOC169-119 - Possible IDOR Attack Detected
129. DFIR Challenge - Conti Ransomware
130. SA - SOC115-47 - Wscript.exe Usage as Dropper
131. Malware Analysis - PDF Analysis
132. DFIR - Investigate Web Attack
133. DFIR - Memory Analysis
134. IR - SOC174-124 - DogWalk 0-Day Activity
135. Malware Analysis - Suspicious Browser Extension
136. DFIR - Windows Forensics - Part 1
137. DFIR - Windows Forensics - Part 2
138. SA - SOC175-125 - PowerShell Found in Requested URL - Possible CVE-2022-41082 Exploitation
139. DFIR Challenge - Phishing Email
140. [REDO] SOC101 EventID: 8 (Phishing Mail Detected) [Aug. 29, 2020, 11:05 p.m.] [REDO]
141. DFIR Challenge - Email Analysis
142. DFIR Challenge - AWS CloudTrail Part 1
143. DFIR Challenge - AWS CloudTrail Part 2 [FINAL]
144. IR - SOC176-126 - RDP Brute Force Detected
145. IR - SOC186-132 - 3CX DLL-Sideloading Attack Detected
146. IR - SOC186-132 - Multiple User Login Failures Detected on Same Machine
147. IR - SOC180-130 - BianLian Ransomware Detected
148. IR - SOC183-133 - Suspicious WMI Activity Detected
149. SA - SOC202-153 - FakeGPT Malicious Chrome Extension
150. IR - SOC178-128 - WannaCry Ransomware Detected
151. IR - SOC192-142 - Suspicious BITS Usage Detected
152. IR - SOC191-141 - Scr Hijack Detected
153. SA - SOC166-116 - Javascript Code Detected in Requested URL
154. SA - SOC165-115 - Possible SQL Injection Payload Detected
155. SA - SOC147-94 - SSH Scan Activity
156. dynamic-malware-analysis-example-1
157. SA - SOC146 EventID: 93 (Phishing Mail Detected - Excel 4.0 Macros) [June 13, 2021, 2:13 p.m.]
158. DFIR Challenge - WinRAR 0-Day
159. Challenge - QakBot Malware
160. Challenge - Powershell Script
161. Challenge - LockBit
162. [Private video]
163. IR - SOC215-168 - Possible Zero Day Exploit Detected (CVE-2023-36884)
164. SA - SOC227 EventID: 189 (Microsoft SharePoint Server Elevation of Privilege - CVE-2023-29357)
165. SA - SOC235 EventID: 197 (Atlassian Confluence Broken Access Control 0-Day CVE-2023-22515)
166. Lets Talk about Black Friday Sales (but mostly Lets Defend)!
167. IR - SOC108-179 - Malicious Remote Access Software Detected
168. IR - SOC216-170 - Suspicious MSI Installation
169. IR - SOC213-169 - Possible Data Exfiltration Detected
170. IR - SOC214-166 - Qakbot Data Theft
171. IR - SOC207-158 - Anomalous File OPS
172. SA - SOC250-212 - APT35 HyperScrape Data Exfiltration Tool Detected
173. SA - SOC210-212 - Possible Brute Force Detected on VPN
174. SA - SOC251-214 - Quishing Detected (QR Code Phishing)
175. Challenge - Adobe ColdFusion RCE
176. Challenge - PCAP Analysis
177. Challenge - Malicious Chrome Extension
178. Challenge - RegistryHive
179. Challenge - PDFURI
180. Challenge - macOS Malware
181. Challenge - ImageStegano
182. Challenge - Serpent Stealer
183. Challenge - Agniane Stealer
184. Challenge - Phishing Email / Audio Test
185. Challenge - DLL Stealer
186. Challenge - Royal Ransom
187. Challenge - AstasiaLoader
188. Challenge - Discord Forensics
189. Challenge - Malicious WordPress Plugin
190. Challenge - YARA Rule
191. LetsDefend Platform - How To - Upload/Download to/from sandbox VM
192. LetsDefend Platform - How To - Upload/Download to/from sandbox VM 2
193. Challenge - Compromised ICS Device
194. Challenge - PHP-CGI (CVE-2024-4577)
195. Challenge - Confluence CVE-2023-22527 - Part 1
196. Challenge - Confluence CVE-2023-22527 - Part 2
197. Challenge - Linux Disk Forensics
198. Challenge - Batch Downloader
199. Challenge - Downloader
200. Challenge - Malicious Web Traffic Analysis
201. Challenge - Revenge RAT