Hunting a Business Email Compromise: A Splunk Investigation
June 27, 2026 • Incident Response
A hands-on walkthrough of investigating a credential phishing attack and account takeover at Nexus Financial, from the first suspicious sign-in alert to a full attacker timeline, using Splunk, Entra ID logs, and Microsoft 365 audit trails.
Incident Response on a Compromised Windows Workstation Using LimaCharlie EDR
May 20, 2026 • Incident Response
A full incident response walkthrough from initial alert triage on LimaCharlie EDR to memory acquisition, log correlation, and attack timeline reconstruction on a compromised Windows workstation.
Here is how you can analyze traffic and avoid getting fooled by attackers as a junior security analyst
February 27, 2026 • Log analysis
A practical guide to PCAP analysis for junior security analysts: how to think like an investigator, spot malicious traffic, and not get tricked by attackers hiding in plain sight.
Reverse Thinking in Log Analysis: Detecting Advanced Threats by Looking for What’s Missing
January 26, 2026 • Logs analysis
A practical SOC methodology that flips traditional log analysis on its head. Learn how thinking like an attacker, focusing on missing data, perfect patterns, quiet activity, and suspicious successes, helps analysts detect advanced compromises faster using simple Linux commands and real-world techniques.
Automating Interface Configuration Using NETCONF and YANG Suite
December 10, 2025 • Network Automation
A hands-on lab demonstrating how to configure router interfaces using NETCONF and YANG models with Cisco YANG Suite, focusing on structured and repeatable network automation.
Understanding YANG: The Language for Network Automation
October 30, 2025 • Network Automation
A beginner-friendly guide explaining what YANG models are, why they're essential for modern network automation, and how they work with tools like NETCONF and RESTCONF.
Windows Registry Forensics
October 22, 2025 • Digital Forensic
A walkthrough of Windows registry forensic analysis, from evidence acquisition to detailed artifact examination, following proper forensic procedures.
Initial Access Pot - Log Analysis & Incident Findings
October 20, 2025 • Log Analysis
Analysis of the Initial Access Pot room: identifying brute-force attempts, locating a backdoor, escalation evidence, and persistence.
Forensic Memory and Disk Acquisition on Windows VirtualBox
October 10, 2025 • Digital Forensic
Step-by-step guide on acquiring memory and disk from a compromised Windows VirtualBox machine for forensic analysis.
Network Packet Analysis
October 10, 2025 • Traffic Analysis
Packet-capture analysis of staged incident data (HTTP, RDP, SSH): identification of file transfer, remote access, and exfiltration indicators.
Monitoring, Investigation, and Escalation as SOC L1
October 1, 2025 • SOC Triage
Lab activity walkthrough on monitoring, triage, investigation, and escalation of alerts as a SOC Tier 1 analyst.
Analyzing a Malicious Email with Anomix
September 24, 2025 • Email Analysis
Deep dive into phishing email analysis using Anomix, including headers, domains, threat intelligence, and full incident report.
Email Analysis -> Manual vs Automated (Anomix)
September 4, 2025 • Email Analysis
A detailed comparison of manual email analysis using header extraction tools versus automated analysis with Anomix, highlighting accuracy, speed, and threat intelligence integration.
Must-Know Heuristic Techniques for Security Analysts
August 24, 2025 • Threat Detection
A practical guide to heuristic techniques every security analyst should know, with real-world examples across filesystem, process, network, memory, registry, code, and user behavior.
Nmap Scanning Techniques - Traffic Analysis and PCAP Identification
August 6, 2025 • Traffic Analysis
A comprehensive guide to Nmap scanning techniques, including SYN, Connect, FIN, NULL, XMAS, UDP, and ACK scans, explained through traffic analysis and PCAP identification.
Analyzing a Web Server Compromise: From Brute Force to Data Exfiltration
August 1, 2025 • Incident Response
In this blog, we walk through the process of analyzing web server logs after a compromise. Using log analysis, we uncover the attacker's brute force method, successful login, access to sensitive files, and exfiltration techniques. This post provides a detailed approach to understanding and responding to a server breach.
Malware Static Analysis: Dissecting a .NET Sample
July 30, 2025 • Malware Analysis
Step-by-step static analysis of a .NET-based malware sample, including unpacking, PE structure review, and strings investigation.
Volt Typhoon APT Intrusion Investigation Report
July 30, 2025 • Incident Response
Comprehensive forensic investigation into a suspected Volt Typhoon intrusion. Covers initial access via Zoho ManageEngine ADSelfService Plus, execution using WMIC, credential dumping, lateral movement, and log tampering tactics.
Understanding Network Automation: A Beginner's Guide
July 30, 2025 • Network Automation
A simple introduction to network automation, APIs, YANG models, Python tools, and model-driven management using NETCONF and RESTCONF.
Phishing Email Analysis – Livelo/Bradesco Spoof
July 30, 2025 • Malicious Email Analysis
Detailed phishing email investigation revealing credential theft attempt via Base64-encoded HTML and malicious Google Cloud Run domain.
Phishing Email Analysis – AT&T Spoof Attempt (#CRYPTO# Subject)
July 30, 2025 • Malicious Email Analysis
Manual analysis of a suspicious email spoofing AT&T, containing obfuscated Base64 HTML and spray-and-pray recipient targeting. Classified as high-risk credential phishing attempt.
Introduction to Event Viewer
July 29, 2025 • Logs analysis
A comprehensive guide to using Windows Event Viewer for effective log analysis, threat detection, and system monitoring.
Investigating Suspicious Email Attachment -> SOC Triage Walkthrough
July 6, 2025 • SOC Triage
This blog covers the step-by-step triage of a suspicious phishing email alert in a simulated SOC environment. We examine the context, threat indicators, and recommended actions to determine if the attachment poses a risk to the organization.
Uncovering DNS Exfiltration: Triage of a Suspicious Parent-Child Process Relationship
July 6, 2025 • SOC Triage
This blog post covers the triage of a suspicious process detected in a SOC simulator, where an nslookup.exe command launched by PowerShell suggests potential DNS exfiltration. We analyze the alert details and provide insights on how to handle similar security incidents.
Forensic Analysis of an Abandoned Hacker's Laptop
April 11, 2025 • Digital Forensic
In this forensic walkthrough, we dive into a real-world scenario involving an abandoned Dell CPi notebook suspected of being used for wireless hacking activities. Using a multi-part disk image, we uncover traces of hacking tools, analyze usage artifacts, and attempt to link the digital evidence to the alleged hacker known as 'Mr. Evil.' Join me as we explore how digital forensics helps trace the footsteps of a cyber intruder and piece together their digital trail.
Mastering TCPdump
March 11, 2025 • Traffic Analysis
This guide demonstrates how to use tcpdump to capture and analyze network traffic.
Digital Forensics Case
February 8, 2025 • Digital Forensic
Acquire the critical skills of evidence preservation, disk imaging, and artefact analysis for use in court.
Forensic
February 8, 2025 • Digital Forensic
This memory dump originates from a compromised system. Perform in-depth forensics to explore its internals.
SecureCorp Incident Response Case Study
February 1, 2025 •
This case study presents a simulated attack against a vulnerable Ubuntu-based environment and concludes with a comprehensive incident response investigation using Redline and other forensic tools.
Hunt ransomware
February 1, 2025 • Incident Response
An Exchange server was compromised with ransomware. Use Splunk to investigate how the attackers compromised the server.
Detecting FTP Brute-Force Attacks Using Wireshark
February 1, 2025 • Traffic Analysis
In this walkthrough, we’ll use Wireshark to analyze a packet capture and detect a brute-force attack on an FTP server. You’ll learn how to filter FTP traffic, identify repeated login attempts, and trace the attacker's IP address.
Memory Forensics Walkthrough
February 1, 2025 • Digital Forensic
Using Volatility to perform memory forensics and extract flags.
REvil Corp
February 1, 2025 • Incident Response
You are involved in an incident response engagement and need to analyze an infected host using Redline.
Setup Wazuh Lab
January 28, 2025 • Tooling
Analyze Windows Security Event logs to investigate an attempted RDP brute-force attack.
Bruteforce Analysis
January 23, 2025 • Log analysis
Analyze Windows Security Event logs to investigate an attempted RDP brute-force attack.
Reminiscent HTB Challenge – Memory Dump Forensics
January 22, 2025 • Digital Forensic
Step-by-step memory dump analysis using Volatility to investigate a phishing attack involving PowerShell payloads and .lnk file obfuscation.
Traffic Analysis
January 16, 2025 • Wireshark
This guide demonstrates how to analyze malware traffic using Wireshark, focusing on identifying exploitation attempts and understanding TCP traffic patterns.
Carnage
January 16, 2024 • Traffic Analysis
Apply your analytical skills to analyze the malicious network traffic using Wireshark.