# writeups

Investigations, detections, lab notes, and CTF walkthroughs — written from the defender's seat.

4 entries
## Detection Engineering: Writing Your First Sigma Rule

Lab · easy

From an attacker's command to a portable detection rule — a hands-on intro to Sigma using a Mimikatz-style LSASS access pattern.

#sigma #detection-engineering #sysmon #attack #blue-team
## OverTheWire Bandit — From a Defender's Notebook

OverTheWire · easy

Walking through Bandit Level 0 → 1 not just to solve it, but to think about what each step would look like in SOC telemetry.

#ctf #linux #ssh #bandit #log-analysis
## TryHackMe PyRat — What a Defender Would Have Caught

TryHackMe · medium

Walking the PyRat room and annotating each attacker step with the log signature, SIEM query, and Sigma rule that would have caught it.

#ctf #tryhackme #python #rce #ssh #brute-force #blue-team
## Linux File Search Commands for Incident Response

Lab notes · easy

which, locate, and find — the three commands you'll lean on most during a live Linux investigation.

#linux #incident-response #dfir #cheatsheet