Posts by Tag

SIEM

Remote Full Packet Capture

8 minute read

Tools such as TCPDump capture full packet data and store it to disk, but they don’t provide a way to capture and stream the packets to a remote destination. I have ...

SOC

A tour inside a SOC analyst mind

6 minute read

As a mentor in a SOC, I often receive questions from junior analysts about the best way to approach analysis. To help them develop their skills, I sometimes ...

Analyzing SOC Data Using Jupyter Notebook

5 minute read

Detection controls usually focus on telemetry collection and in most cases lack data analytic capabilities. Hence, it would be necessary to export the data ...

Zeek

Zeek Notes

2 minute read

I have been using Zeek for my personal projects for some time. I will write some notes on using it and plan to update this list as I get into the advanced ca...

Network Forensics

Zeek Notes

2 minute read

I have been using Zeek for my personal projects for some time. I will write some notes on using it and plan to update this list as I get into the advanced ca...

Quotes

CTI

Perception in intelligence analysis

less than 1 minute read

By definition, perception is the interpretation of sensory information in order to represent and understand the presented information, or the environment. I...

SATs

Jupyter

Analyzing SOC Data Using Jupyter Notebook

5 minute read

Detection controls usually focus on telemetry collection and in most cases lack data analytic capabilities. Hence, it would be necessary to export the data ...

Pandas

Analyzing SOC Data Using Jupyter Notebook

5 minute read

Detection controls usually focus on telemetry collection and in most cases lack data analytic capabilities. Hence, it would be necessary to export the data ...

Forensics

Malware Analysis
