
Cyberdefenders: Reveal Lab - Memory Analysis
Scenario You are a forensic investigator at a financial institution, and your SIEM flagged unusual activity on a workstation with access to sensitive financial data. Suspecting a breach, you recei...

Sherlock Scenario Your SIEM system generated multiple alerts in less than a minute, indicating potential C2 communication from Simon Stark’s workstation. Despite Simon not noticing anything unusua...

Sherlock Scenario A junior member of our security team has been performing research and testing on what we believe to be an old and insecure operating system. We believe it may have been compromis...

Sherlock Scenario Alonzo spotted weird files on his computer and informed the newly assembled SOC Team. Assessing the situation, it is believed a Kerberoasting attack may have occurred in the netwo...

Sherlock Scenario In this Sherlock, you will familiarize yourself with Sysmon logs and various useful EventIDs for identifying and analyzing malicious activities on a Windows system. Palo Alto’s U...

Overview This write-up documents the investigation of a SOC146 – Phishing Mail Detected (Excel 4.0 Macros) alert. The investigation follows the Let’s Defend SOC playbook workflow and demonstrates ...

This project demonstrates my SOC Automation Project 2.0, an end-to-end detection and response workflow that simulates how modern SOC teams combine SIEM, SOAR, and AI-assisted analysis to handle ale...

This project demonstrates an investigation of a website defacement incident from the Boss of the SOC V1 (2015) challenge, simulating real-world SOC analyst workflows using SIEM-based log analysis. ...

This project demonstrates a SOC Automation Home Lab focused on building detection and response capabilities using SIEM and SOAR concepts in a controlled lab environment. Key Highlights Implemen...