2d ago · 7 min read · Part 1 of a series on building a detection engineering lab in Microsoft Sentinel from scratch. This post: writing my first detection, and the parsing bug that taught me more than the detection itself.
2d ago · 4 min read · Part 2 of a series on building a detection engineering lab in Microsoft Sentinel. This post: hunting malicious PowerShell with Sysmon, and the difference between volume detections and signature detect
Jun 4 · 3 min read · Introduction When people first imagine cybersecurity, the picture is often dramatic. Fast-paced hacking scenes, dark terminals, and instant system takeovers. But in real environments like SOC operatio
Jun 1 · 5 min read · A WAF can reduce risk, but it should never be treated as the only security control between an attacker and an application. The most important WAF failures are often not caused by exotic payloads. They
May 31 · 12 min read · I spent the last few weeks going through the TryHackMe SOC Team Internals module. Four rooms. Around four hours of actual learning. And a lot of things clicked that I had been reading about in theory
May 22 · 9 min read · Phishing is the number one attack vector used by cybercriminals worldwide. According to multiple threat intelligence reports, over 90% of data breaches begin with a phishing email. As a SOC Analyst, k