Writeups
This section showcases structured SOC-style investigations conducted using public threat datasets.
Each entry emphasizes packet-level validation, indicator extraction, and incident-focused reporting rather than step-by-step lab walkthroughs.
Featured Writeups
SOC Network Traffic Investigation
Structured malware PCAP investigation identifying the infected host, confirming payload delivery, and validating encrypted follow-on communication.
Focus: Wireshark analysis, TLS inspection, IOC extraction, single-host impact validation
Incident Response – NetSupport RAT
PCAP-based incident investigation confirming command-and-control (C2) activity through DNS resolution, TLS SNI validation, HTTP POST beaconing, and TCP stream inspection.
Focus: IDS correlation, C2 validation, application-layer analysis, structured incident reporting
Investigation Structure
Each investigation follows a structured workflow aligned with SOC operations:
- Defined investigation scope
- Environment and dataset identification
- Host pivot and traffic scoping
- Protocol-level and application-layer validation
- Indicator extraction
- Impact assessment and containment recommendations
The objective is to demonstrate practical SOC investigative thinking aligned with real-world alert escalation and incident response processes.
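As an added illustration of that workflow (example code written for this page, not code or data from either writeup), the script below runs the host pivot, application-layer validation, indicator extraction and impact assessment steps over a constructed set of DNS, TLS and HTTP records. The record fields are loosely modelled on Zeek dns/ssl/http logs, the IDS alert is constructed, and the addresses and domain (RFC 1918/5737 ranges, `beacon.example.net`) are placeholders, not real indicators. It also covers one case the list above implies but does not spell out: a second host that only resolved the C2 domain but never connected to it is reported separately from the host with confirmed application-layer contact.

```python
"""Constructed SOC-style investigation: alert -> host pivot -> C2 validation -> IOCs -> impact."""

# Constructed records (not from any real capture). Field names are an assumption
# loosely modelled on Zeek dns/ssl/http logs; timestamps are seconds into the capture.
RECORDS = [
    {"ts": 10,  "type": "dns",  "src": "10.0.0.25", "query": "beacon.example.net", "answer": "203.0.113.77"},
    {"ts": 50,  "type": "tls",  "src": "10.0.0.25", "dst": "203.0.113.77", "dport": 443, "sni": "beacon.example.net"},
    {"ts": 100, "type": "http", "src": "10.0.0.25", "dst": "203.0.113.77", "dport": 80, "method": "POST",
     "host": "beacon.example.net", "uri": "/checkin"},
    {"ts": 400, "type": "http", "src": "10.0.0.25", "dst": "203.0.113.77", "dport": 80, "method": "POST",
     "host": "beacon.example.net", "uri": "/checkin"},
    {"ts": 700, "type": "http", "src": "10.0.0.25", "dst": "203.0.113.77", "dport": 80, "method": "POST",
     "host": "beacon.example.net", "uri": "/checkin"},
    # Benign host for contrast.
    {"ts": 20,  "type": "dns",  "src": "10.0.0.30", "query": "update.example.com", "answer": "198.51.100.9"},
    {"ts": 60,  "type": "tls",  "src": "10.0.0.30", "dst": "198.51.100.9", "dport": 443, "sni": "update.example.com"},
    # Host that resolved the C2 domain but never connected: DNS-only evidence.
    {"ts": 800, "type": "dns",  "src": "10.0.0.31", "query": "beacon.example.net", "answer": "203.0.113.77"},
]

# Constructed IDS alert that starts the investigation (defines the scope).
ALERT = {"src": "10.0.0.25", "dst": "203.0.113.77", "signature": "constructed alert: suspected RAT C2"}

BEACON_JITTER_SECONDS = 30  # assumed tolerance when judging whether POSTs are periodic


def pivot_host(records, host):
    """Host pivot: scope the dataset to traffic originating from one host."""
    return [r for r in records if r["src"] == host]


def validate_c2(host_records, c2_ip):
    """Application-layer validation: tie DNS answer, TLS SNI and HTTP POSTs to the alerted server."""
    resolved = {r["query"]: r["answer"] for r in host_records if r["type"] == "dns"}
    domains_for_ip = {q for q, a in resolved.items() if a == c2_ip}
    # SNI must name a domain this host actually resolved to the C2 IP, not just any SNI to that IP.
    sni_ok = any(r["type"] == "tls" and r["dst"] == c2_ip and r["sni"] in domains_for_ip
                 for r in host_records)
    posts = sorted((r for r in host_records
                    if r["type"] == "http" and r["dst"] == c2_ip and r["method"] == "POST"),
                   key=lambda r: r["ts"])
    intervals = [b["ts"] - a["ts"] for a, b in zip(posts, posts[1:])]
    periodic = len(intervals) >= 2 and (max(intervals) - min(intervals)) <= BEACON_JITTER_SECONDS
    return {
        "domains": sorted(domains_for_ip),
        "dns_resolved": bool(domains_for_ip),
        "tls_sni_matches": sni_ok,
        "post_count": len(posts),
        "regular_interval": periodic,
        # Confirmed only when all three layers agree; a DNS hit alone is not confirmation.
        "confirmed": bool(domains_for_ip) and sni_ok and len(posts) > 0,
    }


def extract_iocs(host_records, c2_ip):
    """Indicator extraction: IP, domains, SNIs and URIs the scoped host exchanged with the C2 server."""
    iocs = {"ips": {c2_ip}, "domains": set(), "snis": set(), "uris": set()}
    for r in host_records:
        if r["type"] == "dns" and r["answer"] == c2_ip:
            iocs["domains"].add(r["query"])
        elif r["type"] == "tls" and r["dst"] == c2_ip:
            iocs["snis"].add(r["sni"])
        elif r["type"] == "http" and r["dst"] == c2_ip:
            iocs["domains"].add(r["host"])
            iocs["uris"].add(r["uri"])
    return {k: sorted(v) for k, v in iocs.items()}


def assess_impact(records, iocs):
    """Impact assessment across the whole dataset, split by strength of evidence."""
    contacted, dns_only = set(), set()
    for r in records:
        if r["type"] == "dns" and r["query"] in iocs["domains"]:
            dns_only.add(r["src"])
        elif r["type"] in ("tls", "http") and r["dst"] in iocs["ips"]:
            contacted.add(r["src"])
    return {"contacted_c2": sorted(contacted), "dns_only": sorted(dns_only - contacted)}


def run_investigation(records, alert):
    """Run the full workflow and return a report dict suitable for an incident write-up."""
    host_records = pivot_host(records, alert["src"])
    validation = validate_c2(host_records, alert["dst"])
    iocs = extract_iocs(host_records, alert["dst"])
    impact = assess_impact(records, iocs)
    return {"scope": alert, "validation": validation, "iocs": iocs, "impact": impact}


if __name__ == "__main__":
    import json
    print(json.dumps(run_investigation(RECORDS, ALERT), indent=2))
```

The containment recommendation falls out of the `impact` section: hosts under `contacted_c2` are isolated, hosts under `dns_only` are checked for the payload before being declared clean, and the `iocs` set is what gets pushed to the IDS and DNS block lists.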