Name: System-CTL
Type: User
Company: @Gulf Power Alliance Mannai
Bio: Threat Hunter,
Incident Responder,
DFIR Engineer,
Malware Analyst
Location: Qatar
Blog: https://medium.com/@Ab_Hussain
System-CTL's Projects
OTX AKA Alient Vault Threat feed is crucial for mapping IOCs in reference set or endpoint to detect newly compromise threats in your enviroment .
CEH Practical Exam
Call XDR Cortex API to fetch customize data and display it to customize web page according to requirements .
Track IP information.
My mentor tells me about his journey of OSCP and one python script that helps him alot . The script is about enumerate the target services with NMAP then get exploits of each enumerated service from searchsploit . The whole process done by few lines of Bash script.
Malware Scanner based on the binary classification as the dataset is classify into two classes (Clean ,Malware) exe data . The dataset contain portable excutable(PE) header features which have malicious and clean features values in CSV file. The scanner declare the executable as malicious on the basis of its some malicious header features . After trained the model we deployed the ML model on the WEB APP and DESKTOP APP which have multiple scanning options
Checking open port of TCP(User Ports range from 1024 to 49770) of computer with malicious ports dataset released by IANA . IANA(Internet Assigned Numbers Authority) is a standards organization that oversees global IP address allocation, autonomous system number allocation, root zone management in the Domain Name System, media types, and other Internet Protocol-related symbols and Internet numbers.
Static Behaviors of headers files of windows exe and .dll
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
SOC analyst work day and night for protecting the organization but sometimes we don't have the mechanism for protecing against particular threat like in life in some moment we were helpless but sun shine after storm. Yup log4j, i'm not a pro in wrtting regex but have some hands-on knowledge. For now, i have seen people wrtting long regex for SIEM solution and dumb guy like thinking how you did that but long is not always right ooh sorry, Means optimal solution could be achieved in matter of few words.
Config files for my GitHub profile.
The script based on NIST SP-800-61r2 detection phase which actually parse all the key artifacts by utilizing windows utilities.