23h ago · 4 min read · In the high stakes world of cybersecurity, a Security Operations Center (SOC) often feels like a cockpit during an emergency. Alarms are screaming, screens are flashing, and the pressure to make a spl
Join discussion
Mar 7 · 4 min read · In this case study, I investigated a high-severity alert from the LetsDefend platform: SOC250 – APT35 HyperScrape Data Exfiltration Tool Detected This alert simulates activity associated with APT35, a
Join discussion
Mar 2 · 5 min read · A Real SOC Investigation | LetsDefend Walkthrough Today’s alert is a serious one: ⭐ SOC239 -Remote Code Execution Detected in Splunk Enterprise Whenever “RCE” appears in an alert title, the severity
Join discussion
Feb 28 · 4 min read · A Command Injection Investigation | LetsDefend SOC Lab Today’s alert immediately caught my attention: Whoami Command Detected in Request Body At first glance, it may look like a harmless Linux command
Join discussion
Feb 26 · 4 min read · Today, we’ll be investigating another LetsDefend SOC alert: SOC169 — Possible IDOR Attack Detected In this walkthrough, we’ll analyze how repeated web requests exposed a serious web application vulner
Join discussion
