Jebitok in sharonjebitok.com
Entra ID Monitoring (TryHackMe)
Identity is now the primary attack surface in cloud environments. With Entra ID authentication endpoints exposed to the internet by design, attackers don't need to breach a network perimeter they just
20h ago · 27 min read

Jebitok in sharonjebitok.com
Detecting AD Initial Access (TryHackMe)
When people think about Active Directory attacks, they often jump straight to lateral movement and privilege escalation. But before any of that happens, an attacker needs a foothold and in most enterp
19h ago · 24 min read

LEWIS SAWE in lewisawe.hashnode.dev
SigHunt - TryHackMe Walk Through
Scenario: You are hired as a Detection Engineer for your organization. During your first week, a ransomware incident has just concluded, and the Incident Responders of your organization have successful
1d ago · 15 min read

Jebitok in sharonjebitok.com
Cyber Crisis Management (TryHackMe)
Cyber incidents don't always stay small. When an incident escalates beyond what the SOC or CSIRT can handle alone, organisations rely on a Crisis Management Team (CMT) to make high-stakes decisions un
6d ago · 19 min read

Jebitok in sharonjebitok.com
Intro to Malware Analysis (TryHackMe)
Malware analysis is a core skill for any SOC analyst or security professional. As part of working through TryHackMe's SOC path, I tackled the Intro to Malware Analysis room, and it turned out to be m
6d ago · 31 min read

ridesh raju bijwe in rideshcyber.hashnode.dev
⭐ SOC250 – APT35 HyperScrape Data Exfiltration Tool Detected Walkthrough (EventID: 212)
In this case study, I investigated a high-severity alert from the LetsDefend platform: SOC250 – APT35 HyperScrape Data Exfiltration Tool Detected. This alert simulates activity associated with APT35, a
Mar 7 · 4 min read

Sakshi Tripathi in cia-triad-cybersecurity-grc-beginners.hashnode.dev
GRC Analyst Roadmap Day-8: SOC / SOC 2 Explained
If you're preparing for GRC Analyst roles, understanding SOC reports, especially SOC 2, is essential. These reports are widely asked about in interviews and frequently appear in job descriptions. Let's
Mar 5 · 4 min read

ridesh raju bijwe in rideshcyber.hashnode.dev
⭐ SOC173 – Follina 0-Day Detected Walkthrough (EventID: 123)
A Malware Investigation Walkthrough | LetsDefend SOC Lab. Today's alert involves a well-known real-world vulnerability: Follina (CVE-2022-30190) – Microsoft Office Remote Code Execution Vulnerability S
Mar 4 · 4 min read

Marios Grivas in defprotocol.hashnode.dev
The Ransomware Playbook: Anatomy of a Modern Attack
Ransomware is no longer just about encrypting files and demanding payment. It has evolved into a structured, multi-stage operation that mirrors professional software development and organized business
Mar 3 · 4 min read

ridesh raju bijwe in rideshcyber.hashnode.dev
⭐ SOC239 – Remote Code Execution Detected in Splunk Enterprise Walkthrough (EventID: 201)
A Real SOC Investigation | LetsDefend Walkthrough. Today's alert is a serious one: ⭐ SOC239 – Remote Code Execution Detected in Splunk Enterprise. Whenever "RCE" appears in an alert title, the severity
Mar 2 · 5 min read