{"version":1,"pages":[{"id":"tQT7q8Cp8Rc5mwPUlN8g","title":"Whoami","pathname":"/whoami","siteSpaceId":"sitesp_unkBy","description":""},{"id":"gGqGBkTAjD7wjz1modC4","title":"cyber kill chain Arabic","pathname":"/whoami/cyber-kill-chain-arabic","siteSpaceId":"sitesp_unkBy","description":""},{"id":"d4gnSkTheqruBk87fYpZ","title":"Incident Response Process Arabic","pathname":"/whoami/incident-response-process-arabic","siteSpaceId":"sitesp_unkBy","description":""},{"id":"AtWzX6Y7CicbEfItVs4T","title":"PythonScripts","pathname":"/whoami/pythonscripts","siteSpaceId":"sitesp_unkBy"},{"id":"mz4biM0bfYel95QxrSuH","title":"BTL1 Notes","pathname":"/whoami/btl1-notes","siteSpaceId":"sitesp_unkBy","description":""},{"id":"TXnbQIU2bHdsMkJafbn9","title":"Threat Hunting Hypothesis","pathname":"/whoami/threat-hunting-hypothesis","siteSpaceId":"sitesp_unkBy"},{"id":"pxgKxuY4E8qmS5KtIoLc","title":"Boss Of The Soc V1","pathname":"/whoami/writesup/boss-of-the-soc-v1","siteSpaceId":"sitesp_unkBy","description":"","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"ojK2lW4JyDXYpUsMqSoK","title":"Network Hunting with Zeek & Wireshark","pathname":"/whoami/writesup/network-hunting-with-zeek-and-wireshak","siteSpaceId":"sitesp_unkBy","description":"","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"wEg3c2gIpRgWWWpXduic","title":"Hammered Cyberdefenders","pathname":"/whoami/writesup/hammered-cyberdefenders","siteSpaceId":"sitesp_unkBy","description":"Category : Digital Forensics Log Analysis Honeypot Apache2","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"JG4lym94CUT3faocyysj","title":"Hacked Cyberdefenders","pathname":"/whoami/writesup/hacked-cyberdefenders","siteSpaceId":"sitesp_unkBy","description":"Category : Digital Forensics  Medium \" Linux FTK Disk\"","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"vuGwl0V9It1phTJDAM8W","title":"HireMe 
CyberDefenders","pathname":"/whoami/writesup/hireme-cyberdefenders","siteSpaceId":"sitesp_unkBy","description":"Karen is a security professional looking for a new job. A company called \"TAAUSAI\"  offered her a position and asked her to complete a couple of tasks to prove her technical competency.","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"yrXOpnvaUxigTEC7ofHa","title":"Sysinternals cyberdefenders","pathname":"/whoami/writesup/sysinternals-cyberdefenders","siteSpaceId":"sitesp_unkBy","description":"Category : Digital Forensics   FTK Windows Disk","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"i5dt6SJ2538dco4XoTvg","title":"Hunting .Net Malware","pathname":"/whoami/writesup/hunting-.net-malware","siteSpaceId":"sitesp_unkBy","description":"To hunt for msbuild execution, focus on Sysmon logs where the image of the process contains \"msbuild.exe\". Msbuild is being used by attackers to compile and execute code (https://lolbas-project.github","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"fEcxOV10MNh85Hg7CjYt","title":"Unattended TryHackMe","pathname":"/whoami/writesup/unattended-tryhackme","siteSpaceId":"sitesp_unkBy","description":"Use your Windows forensics knowledge to investigate an incident.","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"a51ZgtlWxSVGzec0gdl2","title":"Disgruntled TryHackMe","pathname":"/whoami/writesup/disgruntled-tryhackme","siteSpaceId":"sitesp_unkBy","description":"Use your Linux forensics knowledge to investigate an incident.","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"6PsqhfL9qfFA9aQY6cd1","title":"RDP Cache Forensics","pathname":"/whoami/writesup/rdp-cache-forensics","siteSpaceId":"sitesp_unkBy","description":"","breadcrumbs":[{"label":"writesUp","icon":"pen-to-square"}]},{"id":"4cJqfbs3gzXq4N9bTBlh","title":"Use Case With elk","pathname":"/whoami/use-case-with-elk","siteSpaceId":"sitesp_unkBy","description":"ELK is an open 
source stack that consists of three applications (Elasticsearch, Logstash and Kibana)"},{"id":"z51sgB9b2r99AoLAjfF6","title":"Hunting with elk","pathname":"/whoami/hunting-with-elk","siteSpaceId":"sitesp_unkBy","description":""},{"id":"orRNSeEO45OUjiMO5ry4","title":"hunting with Splunk","pathname":"/whoami/hunting-with-splunk","siteSpaceId":"sitesp_unkBy","description":""},{"id":"rq1Rn2XruD1B1xHpf6f4","title":"Digital Forensics","pathname":"/whoami/digital-forensics","siteSpaceId":"sitesp_unkBy","description":""},{"id":"BsVzSXBasEwoLsoHrwLp","title":"SOC Roadmap \"Rooms and Challenges zero 2 hero \"","pathname":"/whoami/soc-roadmap-rooms-and-challanges-zero-2-hero","siteSpaceId":"sitesp_unkBy","description":""},{"id":"7E88swAIXiKHhDiuqQRB","title":"SOC Roadmap for Cat Reloaded Team","pathname":"/whoami/soc-roadmap-for-cat-reloaded-team","siteSpaceId":"sitesp_unkBy","description":""},{"id":"TRRuTJexKmWElBQLLI6H","title":"Soc Interviews","pathname":"/whoami/soc-interviews","siteSpaceId":"sitesp_unkBy","description":"Hopefully this will be a good guide for you"},{"id":"MtKc1KUii9Bc5ARVpPmD","title":"Investigating with Windows  Event Logs","pathname":"/whoami/investigating-with-windows-event-logs","siteSpaceId":"sitesp_unkBy"},{"id":"7Q7L8aUJDLCfi0rkZAjs","title":"Detect AD attacks","pathname":"/whoami/detect-ad-attacks","siteSpaceId":"sitesp_unkBy","description":"هحدثه كل فترة إن شاء الله"},{"id":"AARZIyKSTdeBQayzfYsV","title":"Hunt Evil","pathname":"/whoami/hunt-evil","siteSpaceId":"sitesp_unkBy"},{"id":"h7yXpVBC17D7wEFK2xrJ","title":"cs","pathname":"/whoami/cs","siteSpaceId":"sitesp_unkBy"},{"id":"9i0ygDRK3FF5Ss3k6Z6i","title":"KQL","pathname":"/whoami/kql","siteSpaceId":"sitesp_unkBy","description":"will always be updated"},{"id":"cAcg6WZxVKGukWHGUAGX","title":"Hunting with ATP","pathname":"/whoami/threat-hunting-series/hunting-with-atp","siteSpaceId":"sitesp_unkBy","breadcrumbs":[{"label":"Threat Hunting 
series","icon":"screwdriver"}]},{"id":"6k3I2kSsoGMOQJZGWyp6","title":"Hunting Attacks Using ATP part 2","pathname":"/whoami/threat-hunting-series/hunting-with-atp/hunting-attacks-using-atp-part-2","siteSpaceId":"sitesp_unkBy","description":"in progress","breadcrumbs":[{"label":"Threat Hunting series","icon":"screwdriver"},{"label":"Hunting with ATP"}]},{"id":"soGdJagIzEYyx8k2vpIk","title":"Hunting Attacks Using ATP part 1","pathname":"/whoami/threat-hunting-series/hunting-with-atp/hunting-attacks-using-atp-part-1","siteSpaceId":"sitesp_unkBy","description":"v1 in progress","breadcrumbs":[{"label":"Threat Hunting series","icon":"screwdriver"},{"label":"Hunting with ATP"}]},{"id":"Al7perCjSG7oP3nwR3Dj","title":"Introduction to Threat  Hunting","pathname":"/whoami/cthpv2-prep/introduction-to-threat-hunting","siteSpaceId":"sitesp_unkBy","breadcrumbs":[{"label":"CTHPv2 prep"}]},{"id":"BwxTjn8oq9X4hIqrVjWZ","title":"Threat Hunting Terminology","pathname":"/whoami/cthpv2-prep/threat-hunting-terminology","siteSpaceId":"sitesp_unkBy","breadcrumbs":[{"label":"CTHPv2 prep"}]},{"id":"aTBxhj7RAnAFFpWDtIYD","title":"Threat Intelligence","pathname":"/whoami/cthpv2-prep/threat-intelligence","siteSpaceId":"sitesp_unkBy","breadcrumbs":[{"label":"CTHPv2 prep"}]},{"id":"RuL5tu1xZjo54hNjH4mC","title":"Practical Exercise on threat intelligence","pathname":"/whoami/cthpv2-prep/practical-exercise-on-threat-intelligence","siteSpaceId":"sitesp_unkBy","breadcrumbs":[{"label":"CTHPv2 prep"}]},{"id":"mNIV63VdQayF0VV4vUK0","title":"part 1","pathname":"/whoami/attacks-and-detections/part-1","siteSpaceId":"sitesp_unkBy","description":"some of SOPs","breadcrumbs":[{"label":"Attacks & Detections"}]},{"id":"B4MbhfsL9sWgLq8sdMLW","title":"part 2","pathname":"/whoami/attacks-and-detections/part-2","siteSpaceId":"sitesp_unkBy","description":"some of SOPs","breadcrumbs":[{"label":"Attacks & Detections"}]},{"id":"rkdt2G3wwoKz9TEZoreV","title":"part 
3","pathname":"/whoami/attacks-and-detections/part-3","siteSpaceId":"sitesp_unkBy","breadcrumbs":[{"label":"Attacks & Detections"}]},{"id":"mlyE3EQYzeRmoYalFkkN","title":"Part 4","pathname":"/whoami/attacks-and-detections/part-4","siteSpaceId":"sitesp_unkBy","description":"Some of SOPs","breadcrumbs":[{"label":"Attacks & Detections"}]},{"id":"E49OzIGjYQwgxlW2fSwp","title":"Part 5","pathname":"/whoami/attacks-and-detections/part-5","siteSpaceId":"sitesp_unkBy","description":"Some","breadcrumbs":[{"label":"Attacks & Detections"}]},{"id":"q1nGlrZ3uBEF6SzHiiu9","title":"Part 6","pathname":"/whoami/attacks-and-detections/part-6","siteSpaceId":"sitesp_unkBy","description":"Some of SOPs","breadcrumbs":[{"label":"Attacks & Detections"}]},{"id":"ugbGpQVwtqUVqq4tMF4Q","title":"Part 7","pathname":"/whoami/attacks-and-detections/part-7","siteSpaceId":"sitesp_unkBy","breadcrumbs":[{"label":"Attacks & Detections"}]},{"id":"7vCZ9QDeUrZ9eSwbrW9B","title":"Random Notes","pathname":"/whoami/random-notes","siteSpaceId":"sitesp_unkBy","description":"anything I searched for in my work, will always be updated"},{"id":"pmnxrbCZFu3jT0SmyUBJ","title":"Windows forensics Random Notes","pathname":"/whoami/windows-forensics-random-notes","siteSpaceId":"sitesp_unkBy","description":"نوتس عشوائية"},{"id":"O0UVm8yF9ZedFVdffEG8","title":"File System Notes","pathname":"/whoami/file-system-notes","siteSpaceId":"sitesp_unkBy","description":"random notes"},{"id":"hwREZX05EsMwdFyRykep","title":"Memory forensics Notes","pathname":"/whoami/memory-forensics-notes","siteSpaceId":"sitesp_unkBy","description":"randommmmmm"},{"id":"8CYkMikwPeaB2PiTLNiZ","title":"working notes","pathname":"/whoami/working-notes","siteSpaceId":"sitesp_unkBy"},{"id":"6uzaSJXiPNdHnDiUV2GD","title":"MS SENTINEL","pathname":"/whoami/working-notes/ms-sentinel","siteSpaceId":"sitesp_unkBy","breadcrumbs":[{"label":"working notes"}]},{"id":"5GWvmhuZXv7apLtBDHii","title":"MDE Advanced Hunting 
(KQL)","pathname":"/whoami/working-notes/mde-advanced-hunting-kql","siteSpaceId":"sitesp_unkBy","breadcrumbs":[{"label":"working notes"}]}]}