Feb 12 · 17 min read · This write-up covers TryHackMe’s AWS Security Logging room, which focuses on monitoring AWS cloud environments using CloudTrail and GuardDuty. The challenge explores three key security areas: Control Plane monitoring, Managed Services, and Workload s...
Join discussion
Feb 10 · 4 min read · Today we are going to investigate SOC257 – VPN Connection Detected from Unauthorized Country. Even though the severity of this alert is Low, it still has its own importance. The main challenge here is confirming whether the attacker actually gained a...
Join discussion
Jan 16 · 3 min read · Disclaimer Based on real-world occurrences and past analysis, this scenario presents a narrative with invented names, characters, and events. Please note: The phishing kit used in this scenario was retrieved from a real-world phishing campaign. Hence...
Join discussion
Jan 12 · 4 min read · Task 1: Oh no! We've been hacked! It seems like our machine got hacked by an anonymous threat actor. However, we are lucky to have a .pcap file from the attack. Can you determine what happened? Download the .pcap file and use Wireshark to view it. ...
Join discussion
Dec 12, 2025 · 12 min read · This write-up came a little later than expected. The initial version of the Microsoft Sentinel environment was quite difficult to access, and it slowed down a lot of the hands-on progress. Thankfully, TryHackMe updated the Azure access, making everyt...
Join discussion
Sep 13, 2025 · 3 min read · As part of my role on the SOC team at Managed Server Provider TrySecureMe, I was tasked with investigating suspicious findings that had been escalated by an L1 analyst. The flagged indicators included a suspicious IP address and a SHA256 hash. Using ...
Join discussion
May 15, 2025 · 2 min read · Working as a Student SOC Analyst at LSU Shreveport has given me the chance to experience firsthand how real-world threat detection works — and recently, I encountered my first true positive security incident that tested my analytical and investigativ...
Join discussion
Jul 12, 2024 · 4 min read · In the ever-evolving world of cybersecurity, understanding how attackers operate is critical to building effective defenses. The cyber kill chain is a powerful framework that breaks down a cyberattack into distinct stages, allowing security professio...
Join discussion
Jul 28, 2022 · 2 min read · SOC Analyst A SOC analyst is a cybersecurity professional who works as part of a team to monitor and fight threats to an organization's IT infrastructure, and to assess security systems and measures for weaknesses and possible improvements. The Main ...
Join discussion