Blue Team Challenges

I fell down the rabbit hole. Turns out it’s full of Event IDs and detection logic.

Challenge Focus Areas

Not sure where to start? Here’s a taste of what I’ve investigated.

TryHackMe | Splunk
Investigate APT group activities focusing on stealthy command and control techniques.

TryHackMe | Splunk
Troubleshoot and correct log parsing issues to ensure accurate data ingestion.

TryHackMe | Splunk
Uncover malicious activity through analysis of Windows event logs.

TryHackMe | ELK Stack
Trace a full attack chain from phishing to ransomware deployment using ELK.

TryHackMe | ELK Stack
Investigate a ransomware infection via typo-squatted software, analyzing logs in Kibana.

TryHackMe | Wazuh
Monitor endpoint security and analyze alerts using Wazuh.

TryHackMe | Wireshark
Analyze network traffic to uncover stages of a macro-based malware infection.

TryHackMe | Brim
Investigate IDS alerts and correlate network artifacts using Brim queries.
