SOC Lab: Building a Home SOC Lab with Wazuh
Objective The primary goal of this project was to architect and deploy a fully functional Security Operations Center (SOC) environment that integrates physical network telemetry with virtualized e...
Purpose Standardize Tier 1 triage for suspicious PowerShell alerts in lab and simulation workflows. Required Data EDR or endpoint process telemetry Windows Security logs (Event ID 4688) A...
Alert Summary Initial investigation began with one suspected infected endpoint in a ransomware simulation. Evidence Observed Repeated outbound traffic with consistent interval behavior Beac...
In the SANS SEC504 course, I focused on the unique misconfigurations found in cloud environments, specifically AWS S3 buckets and Cloud metadata services. The goal was to understand how simple conf...
Scenario Platform: TryHackMe (Room: Warzone 1) Role: Tier 1 SOC Analyst Objective: Triage a high-priority IDS alert by analyzing a provided packet capture (Zone1.pcap) to confirm Command and Contr...
Scope Quick-reference event IDs used regularly in SOC triage and investigation workflows. Event ID 4688 - Process Creation Use to confirm process execution details: Process name Command-li...
Alert Summary Detection triggered for suspicious PowerShell execution on host WIN-01 under user jsmith. Evidence Observed Event ID 4688 – Process creation Command line included base64-encod...
In the SANS SEC504 course, I targeted the “Falsimentis Customer Support” portal to identify and exploit common web vulnerabilities found in the OWASP Top 10. Here is the step-by-step methodology I...
In the SANS SEC504 course, I explored the techniques used to capture and crack credentials. Credentials are the keys to the kingdom; acquiring them allows an attacker to bypass sophisticated exploi...
In the SANS SEC504 course, I performed comprehensive network reconnaissance against a simulated corporate network (“Falsimentis”). The goal was to map the attack surface, identify running services,...