Joseph Elbert

https://josephelbert.github.io/Joseph Elbertjosephelbert.github.io personal cybersecurity focused blog 2026-04-03T20:10:32+00:00 Joseph Elbert https://josephelbert.github.io/ Jekyll © 2026 Joseph Elbert /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png Hunting an APT with Splunk: Initial Access (BOTS v2)2026-04-03T00:00:00+00:00 2026-04-03T00:00:00+00:00 https://josephelbert.github.io/posts/bots-v2-apt-initial-access/ Joseph Elbert

Two hypothesis-driven threat hunts against the Splunk BOTS v2 dataset tracing a spearphishing campaign from email delivery through malicious file execution, uncovering a two-wave attack that evaded detection on the second attempt.

Hunting an APT with Splunk: Reconnaissance (BOTS v2)2026-04-02T00:00:00+00:00 2026-04-03T20:09:58+00:00 https://josephelbert.github.io/posts/bots-v2-apt-reconnaissance/ Joseph Elbert

A walkthrough of two hypothesis-driven threat hunts against the Splunk BOTS v2 dataset, uncovering North Korean reconnaissance activity against a fictional brewing company using user agent string analysis and open-source intelligence.

CyberDefenders: AzurePot Lab2026-01-26T00:00:00+00:00 2026-04-03T00:47:05+00:00 https://josephelbert.github.io/posts/cyberdefenders-azurepot-lab/ Joseph Elbert

CyberDefenders: AzurePot Lab Overview In this lab, I will analyze a compromised Ubuntu Linux honeypot that was deployed on Microsoft Azure in October 2021. The honeypot was specifically designed to attract attackers exploiting CVE-2021-41773, a critical vulnerability in Apache HTTP Server that allows for path traversal and remote code execution (RCE). This vulnerability was actively targeted ...

CyberDefenders: BlueSky Lab2026-01-25T00:00:00+00:00 2026-03-10T04:55:36+00:00 https://josephelbert.github.io/posts/cyberdefenders-bluesky-lab/ Joseph Elbert

CyberDefenders: BlueSky Lab Overview This lab walkthrough provides an in-depth investigation into a ransomware attack leveraging the BlueSky ransomware family. The exercise is designed to help cybersecurity analysts identify and analyze various stages of a sophisticated attack, from initial compromise to credential dumping, lateral movement, and ransomware deployment. By examining network tra...

CyberDefenders: LGDroid Lab2025-12-07T00:00:00+00:00 2026-03-10T04:55:36+00:00 https://josephelbert.github.io/posts/cyberdefenders-lgdroid-lab/ Joseph Elbert

CyberDefenders: LGDroid Lab Overview The LGDroid Lab challenges you to step into the role of a SOC analyst tasked with investigating a disk dump from an Android mobile device. This scenario simulates a real-world forensic investigation, requiring a deep dive into the data to extract critical insights. By analyzing various artifacts such as SQLite databases, log files, application data, and mu...