Techniques and methodologies for active defense, incident analysis, threat monitoring and system hardening.
SOC analyst fundamentals: alert triage, incident management, Pyramid of Pain and investigation methodologies.
Forensic analysis of Windows, Linux, firewall and application logs. Anomaly detection and event correlation.
TTP identification with MITRE ATT&CK, detection rule authoring and proactive threat hunting across the network.
Network traffic monitoring, packet analysis with Wireshark, C2 detection and analysis of malicious protocols.
Forensic acquisition and analysis of disk images, RAM, Windows artefacts and activity timelines.
Hardening guides for Windows and Linux, GPO configuration, CIS Benchmarks and attack surface reduction.