New article: SOC Homelab #5
Investigated AD authentication & lateral movement in Splunk, including logons, Kerberos, SMB admin shares, Sysmon, and attempted WinRM/WMI/Scheduled Tasks execution.👇
https://t.co/nspvTsFrlY
#CyberSecurity#SOC#Splunk
Built a detection workflow in my SOC homelab to investigate suspicious PowerShell activity using Sysmon, PowerShell logging, and Splunk.
In this article I identified an encoded PowerShell command, detected hidden execution...
https://t.co/qg3aFra9Ny
#CyberSecurity#Splunk#SOC
While building my SOC homelab, I solved issues involving Sysmon ingestion, DNS, time synchronization, and network segmentation.
Documented all 6 challenges in my latest article.
👉https://t.co/zvV3eW1yg8
#CyberSecurity#SOCAnalyst#SIEM#Splunk
I investigated a Volt Typhoon-inspired intrusion using a real-world SOC methodology rather than a typical lab approach.
A full incident report: timeline reconstruction, threat hunting & MITRE ATT&CK mapping 👇
https://t.co/iNMZrhl3hs
#CyberSecurity#SOCAnalyst#ThreatHunting
Built a SOC homelab from scratch featuring Active Directory, pfSense, Sysmon, Windows Event Logging, and Splunk Enterprise.
In this new article I get into Networking, Segmentation, Firewall, Logs and Telemetry details
👉https://t.co/GUMPFHuYqe
#Cybersecurity#Splunk#homelab
100+ cybersecurity labs taught me incident response, building my own SOC homelab taught me how enterprise systems actually work.
pfSense | AD | Win11 | Splunk | Sysmon | Centralized logs
New blog series is live:
https://t.co/jlPp5fnQlz
#CyberSecurity#SOCAnalyst#BlueTeam
I knew enough to become a SOC analyst.
But how do you think like one?
I reviewed CyberDefenders CCDL1, a cert built around real SOC investigations: Splunk, Sentinel, DFIR, phishing analysis & cloud security workflows.
👉 https://t.co/tcnsjovBtM
#cybersecurity#BlueTeam#DFIR
I published a Conti ransomware investigation treating it like a live SOC incident, not a CTF. Full attack chain analysis using Splunk: web shell, credential dumping, privilege escalation, persistence & execution.
https://t.co/BThYfkC1tm
#CyberSecurity#SOC#DFIR#ThreatHunting
Thrilled to now be a #CertifiedCyberDefender!
@CyberDefenders CCDL1 strengthened my SOC skills with advanced Splunk, Windows/Linux forensics & AWS cloud investigations. Learned investigative workflows & MITRE ATT&CK usage to tackle real-world threats
#SOCAnalyst#BlueTeam#DFIR
A new DFIR writeup on investigating a phishing attack using Volatility & Olevba.
It covers malicious macros, memory forensics, C2 analysis, process investigation & persistence detection from the TryHackMe Boogeyman 2 room.
👉https://t.co/edvsSxScQW
#CyberSecurity#SOCAnalyst
A “Potential Ransom Note” alert turned into a full ransomware investigation across endpoint, network, and AWS logs.
In this write-up, I break down how I reconstructed the attack using Splunk:
📖 https://t.co/yNEWtmg7jb
#CyberSecurity#ThreatHunting#SOCAnalyst#Ransomware
🔍Just published a detailed SOC investigation based on a TryHackMe CTF, analyzing a multi-stage attack using Splunk. From malicious file execution to credential dumping with Mimikatz and lateral movement.
🔗 https://t.co/Q4HyjS5UeV
#CyberSecurity#Splunk#ThreatHunting
🕵️♂️I Investigated a full attack chain:
Brute force → Web shell → Data exfiltration
Working with:
· Web server and WAF logs
· XDR telemetry
· MITRE ATT&CK mapping
TryHackMe First Shift CTF: Task 5 Writeup
👉 https://t.co/8y8fpE0Ya4
#CyberSecurity#SOCAnalyst#BlueTeam
Linux kernel 7.0 is now available, featuring stable Rust support and updates to filesystems, networking, virtualization, and security.
https://t.co/cj0Zfhv9QN
#Linux#Kernel#OpenSource
📣 I partnered with @13CubedDFIR for another giveaway! 🎁
🏆 Five winners will receive a 13Cubed course of their choice from the list below + a Forensicator T-Shirt.
13Cubed Courses:
- Investigating Windows Endpoints
- Investigating Windows Memory
- Investigating Linux Devices
- Investigating macOS Endpoints
Each course comes with a Certificate of Completion as well as Certification attempts!
On April 25th, entries across social media platforms will be combined, and the five winners will be selected.
To Enter:
✅ Like
✅ Share
✅ Comment which course you want to win the most
For more information ⬇️
Link to 13Cubed Training: https://t.co/xbinmzAm3g
13Cubed Merch Store: https://t.co/021POuBvGj
#DFIR #DigitalForensics #IncidentResponse