https://www.policytopackets.com/tags/http/ Recent content in HTTP on Policy to Packets Hugo -- gohugo.io en reedveggleston@gmail.com (Reed Eggleston) reedveggleston@gmail.com (Reed Eggleston) © 2026 Reed Eggleston Fri, 27 Feb 2026 14:45:00 +0000 https://www.policytopackets.com/writeups/letsdefend/challenges/brute-force-attacks/ Fri, 27 Feb 2026 14:45:00 +0000 reedveggleston@gmail.com (Reed Eggleston) https://www.policytopackets.com/writeups/letsdefend/challenges/brute-force-attacks/ Analyzing a PCAP and Linux auth.log to investigate HTTP, RDP, and SSH brute-force activity, identifying successful credential compromise, and quantifying failed login attempts. https://www.policytopackets.com/writeups/letsdefend/challenges/investigate_web_attack/ Mon, 23 Feb 2026 12:14:00 +0000 reedveggleston@gmail.com (Reed Eggleston) https://www.policytopackets.com/writeups/letsdefend/challenges/investigate_web_attack/ Analyzing raw Apache access logs with Bash tools to identify reconnaissance with Nikto, forced browsing, successful login brute force activity, and command injection leading to account creation on the target system. https://www.policytopackets.com/writeups/letsdefend/challenges/http_basic_auth./ Mon, 23 Feb 2026 11:41:00 +0000 reedveggleston@gmail.com (Reed Eggleston) https://www.policytopackets.com/writeups/letsdefend/challenges/http_basic_auth./ Analyzing a PCAP file to identify HTTP GET requests, enumerate server and client details from HTTP headers, and decode Basic Authentication credentials using Wireshark and CyberChef. https://www.policytopackets.com/writeups/letsdefend/soc/170_120/ Mon, 23 Feb 2026 11:10:00 +0000 reedveggleston@gmail.com (Reed Eggleston) https://www.policytopackets.com/writeups/letsdefend/soc/170_120/ Investigating a suspected local file inclusion alert after a directory traversal attempt targeted /etc/passwd, reviewing SIEM HTTP logs, and confirming the attack failed based on a 500 server response with no returned content. https://www.policytopackets.com/writeups/letsdefend/soc/169_119/ Sun, 22 Feb 2026 21:48:00 +0000 reedveggleston@gmail.com (Reed Eggleston) https://www.policytopackets.com/writeups/letsdefend/soc/169_119/ Investigating an IDOR alert after repeated POST requests incremented a user ID parameter, reviewing HTTP logs and response behavior, and confirming successful data exposure based on varying response sizes and consistent 200 status codes before escalating the case. https://www.policytopackets.com/writeups/letsdefend/soc/168_118/ Sat, 21 Feb 2026 23:46:00 +0000 reedveggleston@gmail.com (Reed Eggleston) https://www.policytopackets.com/writeups/letsdefend/soc/168_118/ Investigating a command injection alert after POST requests containing system commands targeted a web endpoint, validating attacker IP reputation and analyzing HTTP response behavior, confirming successful command execution through response size variation, and initiating containment and escalation due to a confirmed web shell. https://www.policytopackets.com/writeups/letsdefend/soc/167_117/ Sat, 21 Feb 2026 23:01:00 +0000 reedveggleston@gmail.com (Reed Eggleston) https://www.policytopackets.com/writeups/letsdefend/soc/167_117/ Investigating a command-injection alert after a URL triggered on the string “ls,” reviewing SIEM logs and threat intelligence data, and determining the activity was normal user browsing traffic that resulted in a false positive. https://www.policytopackets.com/writeups/letsdefend/soc/166_116/ Sat, 21 Feb 2026 21:18:00 +0000 reedveggleston@gmail.com (Reed Eggleston) https://www.policytopackets.com/writeups/letsdefend/soc/166_116/ Investigating an XSS alert after multiple JavaScript payloads were sent to a web application, validating the attacker IP reputation and reviewing HTTP response behavior, and confirming the attempts failed based on consistent 302 redirects and clean endpoint verification. https://www.policytopackets.com/writeups/letsdefend/soc/165_115/ Sat, 21 Feb 2026 18:15:00 +0000 reedveggleston@gmail.com (Reed Eggleston) https://www.policytopackets.com/writeups/letsdefend/soc/165_115/ Investigating a SQL injection alert after repeated crafted payloads targeted a web server, decoding and validating the requests through log analysis, reviewing source IP reputation across multiple threat intelligence sources, and confirming the attack was unsuccessful based on server responses and endpoint verification.