{"id":858,"date":"2024-08-24T05:21:05","date_gmt":"2024-08-24T05:21:05","guid":{"rendered":"https:\/\/hackmybox.com\/?p=858"},"modified":"2024-08-26T04:55:04","modified_gmt":"2024-08-26T04:55:04","slug":"introduction-to-threat-hunting","status":"publish","type":"post","link":"https:\/\/hackmybox.com\/index.php\/2024\/08\/24\/introduction-to-threat-hunting\/","title":{"rendered":"Introduction to Threat Hunting"},"content":{"rendered":"<div class=\"vce-row-container\" data-vce-boxed-width=\"true\"><div class=\"vce-row vce-row--col-gap-30 vce-row-equal-height vce-row-content--top\" id=\"el-66b4e01a\" data-vce-do-apply=\"all el-66b4e01a\"><div class=\"vce-row-content\" data-vce-element-content=\"true\"><div class=\"vce-col vce-col--md-auto vce-col--xs-1 vce-col--xs-last vce-col--xs-first vce-col--sm-last vce-col--sm-first vce-col--md-last vce-col--lg-last vce-col--xl-last vce-col--md-first vce-col--lg-first vce-col--xl-first\" id=\"el-629a2949\"><div class=\"vce-col-inner\" data-vce-do-apply=\"border margin background  el-629a2949\"><div class=\"vce-col-content\" data-vce-element-content=\"true\" data-vce-do-apply=\"padding el-629a2949\"><div class=\"vcv-row-control-wrapper\"><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"vce-row-container\" data-vce-boxed-width=\"true\"><div class=\"vce-row vce-row--col-gap-30 vce-row-equal-height vce-row-content--top\" id=\"el-05cbf61a\" data-vce-do-apply=\"all el-05cbf61a\"><div class=\"vce-content-background-container\"><\/div><div class=\"vce-row-content\" data-vce-element-content=\"true\"><div class=\"vce-col vce-col--md-auto vce-col--xs-1 vce-col--xs-last vce-col--xs-first vce-col--sm-last vce-col--sm-first vce-col--md-last vce-col--lg-last vce-col--xl-last vce-col--md-first vce-col--lg-first vce-col--xl-first\" id=\"el-b4a16e2d\"><div class=\"vce-col-inner\" data-vce-do-apply=\"border margin background  el-b4a16e2d\"><div class=\"vce-col-content\" data-vce-element-content=\"true\" data-vce-do-apply=\"padding 
<div">
el-b4a16e2d\"><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-d6d3de3f\" data-vce-do-apply=\"all el-d6d3de3f\"><p>First, let us establish what an IOC is. An Indicator of Compromise (IOC) is a data point used in cybersecurity to identify signs of malicious activity. Examples include file hashes, IP addresses, domain names, registry keys, URLs, and email addresses associated with threats. IOCs help detect, analyze, and respond to security incidents by providing evidence of potential breaches or malicious behavior.<\/p>\n<p>In this lab by Security Blue, we will focus on file hashes in our threat hunting. A file hash (MD5, SHA1 or SHA256) is a fixed-length digest of a file's contents: every exact copy of a file produces the same hash, so the hash of a known malicious file identifies every other copy of it, wherever it is stored and whatever it has been renamed to. The flip side is that changing a single byte changes the hash, so hash-based IOCs only catch exact copies; a recompiled or repacked sample needs a new indicator. MD5 and SHA1 are no longer collision-resistant, but they are still usable as lookup identifiers in this role; prefer SHA256 where the tooling supports it.<\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-1d66ca9b\" data-vce-do-apply=\"all el-1d66ca9b\"><p>1. The first step is to download and install the two tools used in this lab from the links below. Both are Windows applications: the IOC Editor is used to write the indicators, and Redline is used to collect data from the host and match it against them.<\/p>\n<p><a href=\"https:\/\/fireeye.market\/apps\/S7cWpi9W\">IOC Editor | FireEye Market<\/a><\/p>\n<p><a href=\"https:\/\/fireeye.market\/apps\/211364\">Redline | FireEye Market<\/a><\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-6ff6f5d4\" data-vce-do-apply=\"all el-6ff6f5d4\"><p>2. 
The next step is to obtain the hash values of the files provided with the lab, shown below.<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-3fa55e75\" data-vce-do-apply=\"all el-3fa55e75\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 853px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 77.6084%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"853\" height=\"662\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/files-320x248.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/files-480x373.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/files-800x621.jpg 800w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/files-853x662.jpg 853w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/files-853x662.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/files.jpg\" data-attachment-id=\"863\"  alt=\"\" title=\"files\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-f15cfe1c\" data-vce-do-apply=\"all el-f15cfe1c\"><p>3. There are several ways to obtain the required hash values. For simplicity, we will use PowerShell.<\/p>\n<p><code>Get-FileHash -Path \"myfile.exe\" -Algorithm SHA256<\/code><\/p>\n<p>The cmdlet prints the algorithm, the hash as uppercase hexadecimal, and the path of the file. Because Redline reports MD5 in its results (see step 11), it is worth recording the MD5 of each file alongside the SHA256.<\/p>\n<ul>\n<li><code>Get-FileHash<\/code>: The PowerShell cmdlet used to compute the hash value of a file.<\/li>\n<li><code>-Path \"myfile.exe\"<\/code>: Specifies the path to the file for which you want to calculate the hash. Make sure to use the correct path to your file.<\/li>\n<li><code>-Algorithm SHA256<\/code>: Specifies the hashing algorithm to use. In this case, SHA256. 
You can replace <code>SHA256<\/code> with other supported algorithms like <code>MD5<\/code>, <code>SHA1<\/code>, etc.<\/li>\n<\/ul><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-24292548\" data-vce-do-apply=\"all el-24292548\"><h6>IOC 1 <em>(Click on the image below to zoom in)<\/em><\/h6><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-3792d2c9\" data-vce-do-apply=\"all el-3792d2c9\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><a href=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1.jpg\" data-lightbox=\"lightbox-3792d2c9\" class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 20.0195%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"205\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-1024x206.jpg 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-320x64.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-480x96.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-800x161.jpg 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-1024x206.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1.jpg\" data-attachment-id=\"864\"  alt=\"\" title=\"IOC1\" \/><\/a><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-5c14ec59\" data-vce-do-apply=\"all el-5c14ec59\"><h6>IOC 2 <em>(Click on the image below to zoom in)<\/em><\/h6>\n<p>&nbsp;<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-e78b81e0\" data-vce-do-apply=\"all el-e78b81e0\"><figure><div class=\"vce-single-image-figure-inner\" 
style=\"width: 1024px;\"><a href=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC2.jpg\" data-lightbox=\"lightbox-e78b81e0\" class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 19.9219%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"204\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC2-1024x204.jpg 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC2-320x64.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC2-480x96.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC2-800x159.jpg 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC2-1024x204.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC2.jpg\" data-attachment-id=\"865\"  alt=\"\" title=\"IOC2\" \/><\/a><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-565fd542\" data-vce-do-apply=\"all el-565fd542\"><p>4.&nbsp; From the obtained hashes, open the IOC Editor and create indicators for IOC 1 and IOC 2.<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-41db4fce\" data-vce-do-apply=\"all el-41db4fce\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 35.7422%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"366\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-1-1024x366.jpg 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-1-320x115.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-1-480x172.jpg 480w, 
https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-1-800x286.jpg 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-1-1024x366.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-1.jpg\" data-attachment-id=\"867\"  alt=\"\" title=\"IOC-1\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-782b60da\" data-vce-do-apply=\"all el-782b60da\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 42.3828%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"434\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-2-1024x435.jpg 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-2-320x136.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-2-480x204.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-2-800x340.jpg 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-2-1024x435.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC-2.jpg\" data-attachment-id=\"868\"  alt=\"\" title=\"IOC-2\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-4d860d0e\" data-vce-do-apply=\"all el-4d860d0e\"><p>5.&nbsp; Open Mandiant RedLine &amp; click \u201c<span style=\"color: #ffff00;\"><strong>Create an IOC Search Collector<\/strong><\/span>\u201d<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-c4a76ea8\" data-vce-do-apply=\"all el-c4a76ea8\"><figure><div class=\"vce-single-image-figure-inner\" 
style=\"width: 861px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 69.4541%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"861\" height=\"598\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/redline-320x222.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/redline-480x333.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/redline-800x556.jpg 800w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/redline-861x598.jpg 861w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/redline-861x598.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/redline.jpg\" data-attachment-id=\"869\"  alt=\"\" title=\"redline\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-8c5a5a32\" data-vce-do-apply=\"all el-8c5a5a32\"><p>6.&nbsp; Browse to the folder where the IOCs are saved, select both IOCs, and then click \"Next.\"<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-8cf66632\" data-vce-do-apply=\"all el-8cf66632\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 963px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 75.3894%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"963\" height=\"726\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-2-320x241.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-2-480x362.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-2-800x603.jpg 800w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-2-963x726.jpg 963w\" 
src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-2-963x726.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/IOC1-2.jpg\" data-attachment-id=\"870\"  alt=\"\" title=\"IOC1-2\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-d2957b85\" data-vce-do-apply=\"all el-d2957b85\"><p>7. Click on \"Edit your script\". Check <span style=\"color: #ffff00;\">File Enumeration<\/span> and enable the options highlighted below. Specify the <span style=\"color: #ffff00;\">Path<\/span> or location on your system where you want Redline to search for potential compromises.&nbsp;<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-7de0d834\" data-vce-do-apply=\"all el-7de0d834\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 960px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 75.625%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"960\" height=\"726\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/Script-320x242.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/Script-480x363.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/Script-800x605.jpg 800w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/Script-960x726.jpg 960w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/Script-960x726.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/Script.jpg\" data-attachment-id=\"871\"  alt=\"\" title=\"Script\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-a657a9ac\" data-vce-do-apply=\"all 
el-a657a9ac\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 676px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 119.822%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"676\" height=\"810\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/TH1-320x383.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/TH1-480x575.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/TH1-676x810.png 676w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/TH1-676x810.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/TH1.png\" data-attachment-id=\"902\"  alt=\"\" title=\"TH1\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-d8d78391\" data-vce-do-apply=\"all el-d8d78391\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 602px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 75.7475%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"602\" height=\"456\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/collector-320x242.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/collector-480x364.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/collector-602x456.png 602w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/collector-602x456.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/collector.png\" data-attachment-id=\"874\"  alt=\"\" title=\"collector\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-d11715c6\" data-vce-do-apply=\"all 
el-d11715c6\"><p>8. Your Collector package is created and saved to the location you specified.<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-5a536b8b\" data-vce-do-apply=\"all el-5a536b8b\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 602px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 62.1262%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"602\" height=\"374\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CollectorIns-320x199.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CollectorIns-480x298.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CollectorIns-602x374.png 602w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CollectorIns-602x374.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CollectorIns.png\" data-attachment-id=\"875\"  alt=\"\" title=\"CollectorIns\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-1fbd895d\" data-vce-do-apply=\"all el-1fbd895d\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 467px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 91.4347%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"467\" height=\"427\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/cfiles-320x293.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/cfiles-467x427.jpg 467w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/cfiles-467x427.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/cfiles.jpg\" data-attachment-id=\"876\"  alt=\"\" 
title=\"cfiles\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-36b4cd5e\" data-vce-do-apply=\"all el-36b4cd5e\"><p>9. Open CMD and navigate to the directory where you saved the collector files. Run the batch file <span style=\"color: #ffff00;\">.\\RunRdlineAudit.bat<\/span><\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-ae36a792\" data-vce-do-apply=\"all el-ae36a792\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 538px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 68.2156%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"538\" height=\"367\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/cmd1-320x218.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/cmd1-480x327.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/cmd1-538x367.png 538w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/cmd1-538x367.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/cmd1.png\" data-attachment-id=\"877\"  alt=\"\" title=\"cmd1\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-10e3472b\" data-vce-do-apply=\"all el-10e3472b\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 497px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 38.0282%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"497\" height=\"189\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CMD2-320x122.png 320w, 
https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CMD2-480x183.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CMD2-497x189.png 497w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CMD2-497x189.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/CMD2.png\" data-attachment-id=\"878\"  alt=\"\" title=\"CMD2\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-fa8d579f\" data-vce-do-apply=\"all el-fa8d579f\"><p>10. Once the batch file has finished running, you will be returned to the command prompt (as seen above). Reopen Redline, select <span style=\"color: #ffff00;\">Open Previous Analysis<\/span>, choose the <span style=\"color: #ffff00;\">AnalysisSession1.mans<\/span> file that the collector wrote under its <code>Sessions<\/code> folder, and then review the results.<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-20b7c9f2\" data-vce-do-apply=\"all el-20b7c9f2\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 864px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 69.5602%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"864\" height=\"601\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/analysis-320x223.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/analysis-480x334.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/analysis-800x556.jpg 800w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/analysis-864x601.jpg 864w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/analysis-864x601.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/analysis.jpg\" data-attachment-id=\"879\"  alt=\"\" title=\"analysis\" \/><\/div><\/div><figcaption 
hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-25e5d230\" data-vce-do-apply=\"all el-25e5d230\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 700px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 48%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"700\" height=\"336\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/session-320x154.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/session-480x230.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/session-700x336.jpg 700w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/session-700x336.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/session.jpg\" data-attachment-id=\"880\"  alt=\"\" title=\"session\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-083bdbf1\" data-vce-do-apply=\"all el-083bdbf1\"><p>11.&nbsp; Finally, review the report, which will detail all identified threats based on your IOC file. 
It includes file paths, sizes, MD5 hashes, user information, and relevant file dates.<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-224079ac\" data-vce-do-apply=\"all el-224079ac\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 958px;\"><a href=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/result2.jpg\" data-lightbox=\"lightbox-224079ac\" class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 55.5324%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"958\" height=\"532\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/result2-320x178.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/result2-480x267.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/result2-800x444.jpg 800w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/result2-958x532.jpg 958w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/result2-958x532.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/08\/result2.jpg\" data-attachment-id=\"883\"  alt=\"\" title=\"result2\" \/><\/a><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-355c90a9\" data-vce-do-apply=\"all el-355c90a9\"><p>The complete Redline user guide can be downloaded for free from the link below:<\/p><\/div><\/div><div class=\"vce-button--style-basic-container vce-button--style-basic-container--align-center\"><span class=\"vce-button--style-basic-wrapper vce\" id=\"el-646f5601\" data-vce-do-apply=\"margin el-646f5601\"><a class=\"vce-button vce-button--style-basic vce-button--style-basic--border-round vce-button--style-basic--size-small vce-button--style-basic--color-b-138-198-10--fff\" 
href=\"https:\/\/fireeye.market\/assets\/apps\/211364\/documents\/700848_en.pdf\" title=\"\" data-vce-do-apply=\"padding border background  el-646f5601\">Download<\/a><\/span><\/div><\/div><\/div><\/div><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>First, let us establish the concept and meaning of IOC . An Indicator of Compromise(IOC) is a data point used in cybersecurity to identify signs of malicious activity. Examples include file hashes, IP addresses, domain names, registry keys, URLs, and email addresses associated with threats. IOCs help detect, analyze, and respond to security incidents by [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":873,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","site-transparent-header":"default","prose-style":"enable","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[12],"tags":[],"class_list":["post-858","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-labs"],"_links":{"self":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/858","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/comments?post=858"}],"version-history":[{"count":41,"href":"https:\/\/hackmybox.com\
/index.php\/wp-json\/wp\/v2\/posts\/858\/revisions"}],"predecessor-version":[{"id":933,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/858\/revisions\/933"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media\/873"}],"wp:attachment":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media?parent=858"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/categories?post=858"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/tags?post=858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
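The lab procedure above (steps 2 through 11) as a scripted equivalent in PowerShell. This is an added example; it is not code from the original post, from the Security Blue lab, or from the Redline or IOC Editor tools. It hashes the sample files (step 3), writes the hashes out as an OpenIOC 1.0 file of the kind the IOC Editor saves (step 4), then walks a directory tree and reports every file whose MD5 or SHA256 matches, with the same fields the Redline report shows in step 11. The paths `C:\Lab\samples`, `C:\Lab\IOCs\lab-hashes.ioc` and `C:\Users` are assumptions. The element names and search terms (`FileItem/Md5sum`, `FileItem/Sha256sum`) follow the OpenIOC 1.0 layout, but a hand-generated file should be opened once in the IOC Editor to confirm it loads before it is handed to Redline. The hunt itself is a plain PowerShell walk rather than Redline's collector, so it sees only the files the account running it can read.

```powershell
# Added example, not from the original post, the Security Blue lab, or the Redline/IOC Editor tools.
# Scripted equivalent of steps 2-11: hash the sample files, write an OpenIOC 1.0 file, then
# hunt a directory tree for exact hash matches and report the fields the Redline report shows.
# The three paths are assumptions; change them to match your lab.
$SampleDir = 'C:\Lab\samples'               # folder holding the files from step 2
$IocPath   = 'C:\Lab\IOCs\lab-hashes.ioc'   # OpenIOC file to write (what the IOC Editor would save)
$HuntPath  = 'C:\Users'                     # tree to hunt, like the Path option in step 7

# Step 3: hash every sample file. Redline reports MD5 (step 11), so keep MD5 next to SHA256.
function Get-SampleHashes {
    param([string]$Dir)
    Get-ChildItem -LiteralPath $Dir -File | ForEach-Object {
        [pscustomobject]@{
            Name   = $_.Name
            MD5    = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash.ToLower()
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
        }
    }
}

# Step 4: emit the hashes as an OpenIOC 1.0 document, one IndicatorItem per hash under an OR
# block so any single match fires. Element and search-term names follow the OpenIOC 1.0 layout
# the IOC Editor saves; the GUIDs and description text are generated here.
function New-HashIoc {
    param([object[]]$Hashes, [string]$OutFile)
    $items = foreach ($h in $Hashes) {
        foreach ($alg in 'Md5sum', 'Sha256sum') {
            $val  = if ($alg -eq 'Md5sum') { $h.MD5 } else { $h.SHA256 }
            $type = ($alg -replace 'sum$', '').ToLower()      # md5 / sha256
            @"
      <IndicatorItem id="$([guid]::NewGuid())" condition="is">
        <Context document="FileItem" search="FileItem/$alg" type="mir" />
        <Content type="$type">$val</Content>
      </IndicatorItem>
"@
        }
    }
    $now = (Get-Date).ToUniversalTime().ToString('yyyy-MM-dd\THH:mm:ss')
    $doc = @"
<?xml version="1.0" encoding="us-ascii"?>
<ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="$([guid]::NewGuid())" last-modified="$now" xmlns="http://schemas.mandiant.com/2010/ioc">
  <short_description>Lab file hashes</short_description>
  <description>MD5 and SHA256 of the lab sample files (generated by script).</description>
  <authored_date>$now</authored_date>
  <links />
  <definition>
    <Indicator operator="OR" id="$([guid]::NewGuid())">
$($items -join "`n")
    </Indicator>
  </definition>
</ioc>
"@
    New-Item -ItemType Directory -Path (Split-Path -Parent $OutFile) -Force | Out-Null
    Set-Content -LiteralPath $OutFile -Value $doc -Encoding ASCII
}

# Read the hash values back out of an OpenIOC file into a case-insensitive set
# (Get-FileHash returns uppercase hex, the IOC file holds lowercase).
function Get-IocHashes {
    param([string]$IocFile)
    [xml]$xml = Get-Content -LiteralPath $IocFile -Raw
    $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('ioc', 'http://schemas.mandiant.com/2010/ioc')
    $set = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($c in $xml.SelectNodes('//ioc:IndicatorItem/ioc:Content', $ns)) {
        [void]$set.Add($c.InnerText.Trim())
    }
    return ,$set   # leading comma stops PowerShell from unrolling the set into its strings
}

# Steps 5-11: walk the tree, hash each file, keep the ones whose hash is in the IOC set.
# Locked or unreadable files are skipped so one bad file does not abort the hunt.
function Invoke-HashHunt {
    param([string]$Path, [System.Collections.Generic.HashSet[string]]$BadHashes)
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $f = $_
        try {
            $md5 = (Get-FileHash -LiteralPath $f.FullName -Algorithm MD5 -ErrorAction Stop).Hash
            $sha = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
        } catch { return }
        if ($BadHashes.Contains($md5) -or $BadHashes.Contains($sha)) {
            [pscustomobject]@{
                FullPath = $f.FullName
                Size     = $f.Length
                MD5      = $md5
                SHA256   = $sha
                Owner    = (Get-Acl -LiteralPath $f.FullName).Owner
                Created  = $f.CreationTimeUtc
                Modified = $f.LastWriteTimeUtc
            }
        }
    }
}

$hashes = Get-SampleHashes -Dir $SampleDir
New-HashIoc -Hashes $hashes -OutFile $IocPath
$hits = Invoke-HashHunt -Path $HuntPath -BadHashes (Get-IocHashes -IocFile $IocPath)
$hits | Format-Table FullPath, Size, MD5, Owner, Modified -AutoSize
$hits | Export-Csv -LiteralPath (Join-Path (Split-Path -Parent $IocPath) 'hunt-hits.csv') -NoTypeInformation
```

Run it from an elevated PowerShell prompt for the same reason the Redline collector is run as administrator: files the current account cannot read are skipped, not hashed, so an unprivileged run can miss a hit. Because the script writes the indicators and then reads them back from the file, the same `Get-IocHashes` and `Invoke-HashHunt` functions can be pointed at an `.ioc` file saved by the IOC Editor to cross-check Redline's results.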