Posts

Showing posts from August, 2025

Understanding TCPDump: A Complete Guide for Network Analysis

TCPDump is one of the most widely used tools in the technical world of cybersecurity and network administration. Mastering TCPDump can significantly enhance your ability to analyse traffic as a SOC analyst, detect threats as a penetration tester, or troubleshoot network issues responsibly as a network administrator. In this blog, we will explore TCPDump's role in networking and cybersecurity, its importance, and practical use cases that demonstrate its efficiency. Follow the link to get the complete guidebook. What is TCPDump? TCPDump is a powerful command-line packet analyzer that captures and analyzes network traffic in real time. It mostly runs on UNIX-like operating systems: Linux and macOS support it natively, whereas on Windows we need tools like WinDump. TCPDump can capture packets traversing the network interface, filter them according to specific protocols or IPs, and then display detailed information abo...

How to Develop an Effective RCA Report for Incident Response

Our fast-paced world is dependent on technology and the internet. That's why, today, cybersecurity breaches are a serious headache for business owners: incidents can occur at any time, from phishing attacks to malware infections or unauthorised access in any infrastructure, even in networks self-declared "impenetrable". As a SOC analyst, I am authorised to monitor any fluctuation in the SIEM dashboard and take immediate action if required. Apart from that, while I am responding to the incident, I need to understand why it happened and prevent the event from escalating to other highly sensitive data zones. That is where an efficient and well-verified Root Cause Analysis report comes in. In this blog, I will walk you through what an RCA report is, why it is essential for incident response, and provide a generic procedure to create a professional RCA report. As a leading SOC analyst, ...