Edward Pena in eddie-pena.com · Oct 10, 2025 · 6 min read
OffSec CTF: ProtoVault Breach
The challenge provides a zip file. Downloading and extracting it with the password BloodBreathSoulFire gives us the project folders. You’ve been tasked with tracing the origin of the breach and uncovering the vulnerability before the anonymous adversary can...
Edward Pena in eddie-pena.com · Sep 16, 2025 · 1 min read
Placeholder
I have to rethink how I’ll approach this series using Sysmon and PowerShell queries, as I was hoping to use some scripts I gathered from my OffSec labs. Sadly, after reading their ToS, I found out they do not allow the posting, sharing, or external us...
Edward Pena in eddie-pena.com · Sep 16, 2025 · 3 min read
Tuning Sentinel Analytic Rules: Malicious IP Signon Attempt
Today’s analytic rule had me second-guessing myself. For starters, I believe this was a custom rule slapped together by one of the junior analysts. The rule logic is as follows: SigninLogs | where ResultsDescription contains "Sign-in was blocked becau...
Edward Pena in eddie-pena.com · Sep 11, 2025 · 2 min read
How to use Watchlists in Microsoft Sentinel
In yesterday’s article, I went over how to create an allow list in a Sentinel Analytics query to exclude benign files. In that article, I hinted that a better solution was to create a watchlist in Sentinel to use as an allow list of safe files to avo...
Edward Pena in eddie-pena.com · Sep 10, 2025 · 7 min read
Tuning Sentinel Analytic Rules: New Executable via Office FileUploaded Operation
So this is going to be the beginning of a series where I document my journey into Detection Engineering. The main SIEM I’m using at this time is Microsoft Sentinel. This is a SIEM I’ve been dying to use at my old job and pitched the benefits of standi...
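The two Sentinel posts above (the FileUploaded executable rule and the watchlist allow list) describe one pattern: detect new executables uploaded through Office 365, then suppress known-benign file names. The KQL below is an added example written for this listing, not code from the author's articles. It assumes a watchlist created with the alias BenignOfficeFiles whose SearchKey column holds the allowed file names; OfficeActivity, Operation, SourceFileName and SourceFileExtension are standard columns of the Microsoft 365 connector table.

```kusto
// Added example, not from the original posts.
// Assumption: a Sentinel watchlist with alias "BenignOfficeFiles" exists and its
// SearchKey column is the allowed file name.
let allowList = _GetWatchlist('BenignOfficeFiles') | project SearchKey;
OfficeActivity
| where Operation == "FileUploaded"
// Extensions to treat as executable content; extend to taste.
| where SourceFileExtension in~ ("exe", "dll", "msi", "ps1", "bat", "cmd", "scr")
// Inline allow list (the approach from the first article) would be:
// | where SourceFileName !in~ ("setup.exe", "installer.msi")
// Watchlist-backed allow list: analysts edit the watchlist, not the rule.
| where SourceFileName !in~ (allowList)
| project TimeGenerated, UserId, OfficeWorkload, Site_Url, SourceFileName, SourceFileExtension
```

Keying the watchlist on the bare file name is deliberately simple; if uploads of a benign name from an unexpected site or user should still alert, key the watchlist on a composite such as site plus file name and join on that instead of using in~.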