🙌🏽Thanks for watching! Timestamps below: ⏰TIMESTAMPS: 00:00 Intro 00:40 Scenario 01:25 Splunk 01:43 Orienting Ourselves With The Data 04:28 Investigating Reconnaissance 13:02 The Suricata Alert 13:47 The Content Management System (CMS) 14:22 The Web Scanner 14:53 The Compromised Server 15:41 Investigating Exploitation 26:52 Extracting Credentials using Regex 28:34 Understanding The Regex 31:20 The User Agent 33:09 The URI 33:20 The Username 34:05 The Password 34:47 Unique Passwords 35:06 Splunk Uniq Command? 36:15 Dedup! 36:46 The Bruteforcing IP 37:04 The Login IP 37:34 Investigation Installation 40:00 Was The Malware Executed? 42:46 The Malware Hash 43:45 Who Executed The Malware? 44:07 VirusTotal Analysis
