Windows security investigation analyzing failed authentication attempts using Event Viewer and Event ID 4625.
Updated Mar 17, 2026
This repository is a structured, research-driven documentation of my journey...
Network traffic investigation using Wireshark to analyze HTTP traffic and identify network communication patterns.
An artifact designed to shift the action surface toward the operational representation of a defensive system. No exploitation, no persistence. Cognitive space as the terrain. Whatever ceases to be observed during qualification is the space in which it operates.
Network traffic investigation using Wireshark to analyze DNS, TCP, TLS and HTTP traffic.
Investigated suspicious Microsoft 365 sign in activity using portal triage, containment actions like session revocation and stronger authentication, then validated remediation and practiced structured KQL hunting patterns with Azure Monitor Logs demo data.
Enterprise security lab simulating Active Directory, SIEM, and internal attack scenarios in a virtual environment.
Analysis of APT34 tactics, techniques, and procedures (TTPs) with a focus on detection methods and threat identification.