# 🛡️ TryHackMe SOC Level 1

This folder contains my TryHackMe SOC Level 1 labs, exercises, and case studies, covering SOC fundamentals, SIEM investigations, threat hunting, and incident response.

## 📂 TryHackMe SOC Level 1 Sections
1. Cyber Defense Frameworks
   - Completed Modules: Junior Security Analyst Intro, Pyramid of Pain, Cyber Kill Chain, Unified Kill Chain, Diamond Model, MITRE, Summit, Eviction
   - Case Studies:
     - MITRE ATT&CK Mapping – Mapped real-world incidents to MITRE ATT&CK tactics and techniques to identify detection gaps.
     - Cyber Kill Chain Simulation – Analyzed attack stages in a simulated environment to practice early detection and response strategies.
     - Diamond Model Analysis – Applied the Diamond Model to investigate threat actor infrastructure, capabilities, and objectives.
2. Cyber Threat Intelligence
   - Completed Modules: Intro to Cyber Threat Intel, Threat Intelligence Tools, Yara, OpenCTI, MISP, Friday Overtime, Trooper
   - Case Studies:
     - YARA Threat Detection – Created and applied YARA rules to detect malware patterns and indicators of compromise.
     - MISP Intelligence Analysis – Leveraged MISP to aggregate threat intelligence and analyze correlations between incidents.
     - OpenCTI Threat Investigation – Tracked threat actor TTPs using OpenCTI, identifying actionable intelligence for defense.
3. Network Security & Traffic Analysis
   - Completed Modules: Traffic Analysis Essentials, Snort, Snort Challenge, NetworkMiner, Zeek, Wireshark, TShark, Brim
   - Case Studies:
     - Snort Live Attacks Challenge – Detected and analyzed simulated network attacks using Snort IDS rules and alert patterns.
     - Wireshark Traffic Analysis – Examined packet captures to identify anomalies, suspicious protocols, and potential data exfiltration.
     - Zeek Network Monitoring – Leveraged Zeek logs to track host activity, detect suspicious connections, and analyze network flows.
4. Endpoint Security Monitoring
   - Completed Modules: Core Windows Processes, Sysinternals, Windows Event Logs, Sysmon, Osquery, Wazuh
   - Case Studies:
     - Sysinternals for Threat Hunting – Leveraged Sysinternals tools to analyze running processes, network connections, and persistence techniques.
     - Sysmon Event Analysis – Built detections and investigated suspicious behavior using Sysmon logs.
     - Endpoint Detection with Wazuh – Used Wazuh to collect and analyze endpoint logs for intrusion detection and monitoring.
5. Security Information and Event Management (SIEM)
   - Completed Modules: Intro to SIEM, ELK101, ItsyBitsy (Splunk), Splunk Basics, Incident Handling with Splunk, Investigating with Splunk
   - Case Studies:
     - Investigating with ELK 101 – Built queries and dashboards to analyze authentication logs and detect anomalies.
     - ItsyBitsy (Splunk) Investigation – Conducted hands-on analysis using Splunk to identify suspicious events and patterns.
     - Incident Handling with Splunk – End-to-end incident investigation including detection, analysis, and reporting.
     - Investigating with Splunk – Detailed investigations of scenarios such as brute-force attempts and unauthorized access.
6. Digital Forensics & Incident Response (DFIR)
   - Completed Modules: Windows Forensics, Linux Forensics, Autopsy, Redline, Volatility, Velociraptor, TheHive, Intro to Malware Analysis, Unattended, Disgruntled, Critical, Secret Recipe
   - Case Studies:
     - Unattended – Investigated unauthorized access by analyzing Windows event logs, registry artifacts, and user activity.
     - Disgruntled – Insider threat case involving forensic analysis of file access and potential data exfiltration.
     - Secret Recipe – Full end-to-end DFIR case involving malware, insider activity, and lateral movement.
7. Phishing Analysis & Prevention
   - Completed Modules: Phishing Fundamentals, Phishing Tools, Greenholt Phish, Snapped Phish, Phishing Unfolding
   - Case Studies:
     - The Greenholt Phish – Analyzed a simulated phishing campaign to identify malicious emails, extract IOCs, and recommend mitigation strategies.
8. SOC Level 1 Capstone Challenges
   - Completed Modules: Tempest, Boogeyman Series (1–3), Upload and Conquer, Hidden Hooks, BlackCat
   - Case Studies:
     - Boogeyman Series: Incident Correlation & Threat Detection – Investigated multi-stage attacks through SIEM event correlation, privilege escalation tracking, and lateral movement detection.
     - Tempest Challenge: Full-Scope Threat Investigation – Conducted a complete SOC investigation including alert triage, PowerShell activity analysis, and identification of command-and-control communication.
## 📌 Skills Demonstrated

- SIEM & Log Analysis: Splunk, ELK
- Incident Response & DFIR: Volatility, Autopsy, Redline
- Endpoint Monitoring: Sysmon, Sysinternals, Wazuh
- Phishing Analysis: Email header & attachment triage
- Network Defense: Snort, Zeek, Wireshark
- Threat Intelligence: YARA, OpenCTI, MISP