# SOC & DFIR

- [IR](https://viettaliii.gitbook.io/home/soc-and-dfir/ir.md)
- [Public Key Infrastructure](https://viettaliii.gitbook.io/home/soc-and-dfir/ir/public-key-infrastructure.md)
- [DFIR](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir.md): This content is taken from LetsDefend and translated into Vietnamese
- [Basics of Hard Disks and File Systems](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/basics-of-hard-disks-and-file-systems.md)
- [Windows Data Acquisition](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/windows-data-acquisition.md)
- [Anti-Forensic Techniques](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/anti-forensic-techniques.md)
- [Digital Forensics on Linux](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/digital-forensics-on-linux.md)
- [Windows Memory Forensics](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/windows-memory-forensics.md)
- [Linux Memory Forensics](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/linux-memory-forensics.md)
- [Network Forensics](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/network-forensics.md)
- [Email Forensics](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/email-forensics.md)
- [Android Forensics](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/android-forensics.md)
- [Reversing Malware](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/reversing-malware.md)
- [Linux Forensics](https://viettaliii.gitbook.io/home/soc-and-dfir/dfir/linux-forensics.md)
- [SOC Fundamentals](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals.md)
- [Introduction to SOC](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals/introduction-to-soc.md)
- [SOC Types and Roles](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals/soc-types-and-roles.md)
- [SOC Analyst and Their Responsibilities](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals/soc-analyst-and-their-responsibilities.md)
- [SIEM and Analyst Relationship](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals/siem-and-analyst-relationship.md)
- [Log Management](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals/log-management.md)
- [EDR - Endpoint Detection and Response](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals/edr-endpoint-detection-and-response.md)
- [SOAR (Security Orchestration Automation and Response)](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals/soar-security-orchestration-automation-and-response.md)
- [Threat Intelligence Feed](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals/threat-intelligence-feed.md)
- [Common Mistakes made by SOC Analysts](https://viettaliii.gitbook.io/home/soc-and-dfir/soc-fundamentals/common-mistakes-made-by-soc-analysts.md)
- [Network](https://viettaliii.gitbook.io/home/soc-and-dfir/network.md)
- [Network Fundamentals](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-fundamentals.md)
- [I. Introduction to Network Fundamentals](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-fundamentals/i.-introduction-to-network-fundamentals.md)
- [II. Types of Networks](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-fundamentals/ii.-types-of-networks.md)
- [III. Network Topologies](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-fundamentals/iii.-network-togologies.md)
- [IV. OSI Reference Model](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-fundamentals/iv.-osi-reference-model.md)
- [V. Network Devices](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-fundamentals/v.-network-devices.md)
- [VI. TCP/IP Model](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-fundamentals/vi.-tcp-ip-model.md)
- [VII. IP Addressing Mechanism](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-fundamentals/vii.-ip-addressing-mechanism.md)
- [VIII. Network Address Translation (NAT)](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-fundamentals/viii.-network-address-translation-nat.md)
- [Network Protocols](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-protocols.md)
- [I. Transmission Control Protocol (TCP)](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-protocols/i.-transmission-control-protocol-tcp.md)
- [II. User Datagram Protocol (UDP)](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-protocols/ii.-user-datagram-protocol-udp.md)
- [Network Packet Analysis](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-packet-analysis.md)
- [Introduction to Network Packet Analysis](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-packet-analysis/introduction-to-network-packet-analysis.md)
- [TcpDump](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-packet-analysis/tcpdump.md)
- [Wireshark](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-packet-analysis/wireshark.md)
- [Network Log Analysis](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-log-analysis.md)
- [Generic Log Analysis (Netflow)](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-log-analysis/generic-log-analysis-netflow.md)
- [Firewall Log Analysis](https://viettaliii.gitbook.io/home/soc-and-dfir/network/network-log-analysis/firewall-log-analysis.md)
- [OS](https://viettaliii.gitbook.io/home/soc-and-dfir/os.md)
- [Windows Fundamentals](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals.md)
- [I. Introduction to Windows](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/i.-introduction-to-windows.md)
- [II. Windows Filesystems](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/ii.-windows-filesystems.md)
- [III. Directory Structure](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/iii.-directory-structure.md)
- [IV. Windows Command Line](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/iv.-windows-command-line.md)
- [V. Windows Users and Groups](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/v.-windows-users-and-groups.md)
- [VI. Permissions Management on Windows](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/vi.-permissions-management-on-windows.md)
- [VII. Windows Process Management](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/vii.-windows-process-management.md)
- [VIII. Windows Services](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/viii.-windows-services.md)
- [IX. Task Scheduler Windows](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/ix.-task-scheduler-windows.md)
- [X. Windows Registry](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/x.-windows-registry.md)
- [XI. Windows Firewall](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/xi.-windows-firewall.md)
- [XII. Event Logs](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/xii.-event-logs.md)
- [XIII. Windows Management Instrumentation (WMI)](https://viettaliii.gitbook.io/home/soc-and-dfir/os/windows-fundamentals/xiii.-windows-management-instrumentation-wmi.md)
- [Techniques](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques.md)
- [Phishing Email Analysis](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques/phishing-email-analysis.md)
- [Introduction to Phishing](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques/phishing-email-analysis/introduction-to-phishing.md)
- [Information Gathering](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques/phishing-email-analysis/information-gathering.md)
- [What is an Email Header and How to Read Them?](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques/phishing-email-analysis/what-is-an-email-header-and-how-to-read-them.md)
- [Email Header Analysis](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques/phishing-email-analysis/email-header-analysis.md)
- [Static Analysis](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques/phishing-email-analysis/static-analysis.md)
- [Dynamic Analysis](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques/phishing-email-analysis/dynamic-analysis.md)
- [Additional Techniques](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques/phishing-email-analysis/additional-techniques.md)
- [VirusTotal for SOC analysts](https://viettaliii.gitbook.io/home/soc-and-dfir/techniques/virustotal-for-soc-analysts.md)
- [Practices](https://viettaliii.gitbook.io/home/soc-and-dfir/practices.md)
- [6. SOC138 - Detected Suspicious Xls File](https://viettaliii.gitbook.io/home/soc-and-dfir/practices/6.-soc138-detected-suspicious-xls-file.md)
- [5. SOC119 - Proxy - Malicious Executable File Detected](https://viettaliii.gitbook.io/home/soc-and-dfir/practices/5.-soc119-proxy-malicious-executable-file-detected.md)
- [4. SOC104 - Malware Detected](https://viettaliii.gitbook.io/home/soc-and-dfir/practices/4.-soc104-malware-detected.md)
- [3. SOC114 - Malicious Attachment Detected - Phishing Alert](https://viettaliii.gitbook.io/home/soc-and-dfir/practices/3.-soc114-malicious-attachment-detected-phishing-alert.md)
- [2. SOC120 - Phishing Mail Detected - Internal to InternalName](https://viettaliii.gitbook.io/home/soc-and-dfir/practices/2.-soc120-phishing-mail-detected-internal-to-internalname.md)
- [1. SOC140 — Phishing Mail Detected — Suspicious Task Scheduler](https://viettaliii.gitbook.io/home/soc-and-dfir/practices/1.-soc140-phishing-mail-detected-suspicious-task-scheduler.md)
- [IT Security Basis for Corporates](https://viettaliii.gitbook.io/home/soc-and-dfir/it-security-basis-for-corporates.md)
- [Interview Questions](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions.md): Interview questions and answers.
- [Social Engineering Attacks](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/tan-cong-social-engineering.md)
- [TTPs In Cyber Threat Intelligence](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/ttps-in-cyber-threat-intelligence.md)
- [Brute-force attack](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/brute-force-attack.md)
- [Pass-the-hash attack](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/pass-the-hash-attack.md)
- [What is Scanning?](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/what-is-scanning.md)
- [Sniffing attack](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/sniffing-attack.md)
- [Phishing, Spear Phishing, Whaling, Vishing](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/phishing-spear-phishing-whaling-vishing.md)
- [What is an exploit and payload?](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/what-is-an-exploit-and-payload.md)
- [What is Spoofing?](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/what-is-spoofing.md)
- [DOS and DDOS attack](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/dos-and-ddos-attack.md)
- [SYN flood attack](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/syn-flood-attack.md)
- [ARP Poisoning](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/arp-poisoning.md)
- [Man-in-the-Middle attack](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/man-in-the-middle-attack.md)
- [DNS Poisoning](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/dns-poisoning.md)
- [DNS Tunneling](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/dns-tunneling.md): DNS tunnel
- [What is drive-by-download?](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/what-is-drive-by-download.md)
- [Malware and Types of Malware](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/malware-and-types-of-malware.md)
- [What is file less malwares or file less attack?](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/what-is-file-less-malwares-or-file-less-attack.md)
- [What is OWASP?](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/what-is-owasp.md)
- [SQL Injection](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/sql-injection.md)
- [Cross Site Scripting (XSS)](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/cross-site-scripting-xss.md)
- [Cross Site Request Forgery (CSRF)](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/cross-site-request-forgery-csrf.md)
- [Broken Authentication](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/broken-authentication.md)
- [Broken Access Control](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/broken-access-control.md)
- [XXE Injection](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/xxe-injection.md)
- [LDAP Injection](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/ldap-injection.md)
- [SSTI Injection](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/ssti-injection.md)
- [Path Traversal](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/path-traversal.md)
- [Command Injection](https://viettaliii.gitbook.io/home/soc-and-dfir/interview-questions/command-injection.md)
- [Snort](https://viettaliii.gitbook.io/home/soc-and-dfir/snort.md)