I break things in the lab and investigate real incidents when they happen. Investigations, threat hunting, and understanding attacks from both sides.

| Role | Organization |
|---|---|
| SOC Analyst Intern (Tier 2) / Adversary Simulation | MYDFIR |
| SOC Intern / CTF Engineer (Contract) | LOG(N) Pacific Cyber Range |

| Project | Description |
|---|---|
| The Azuki Breach Saga | 4-part CTF series, 91 flags, 8-day ransomware intrusion, full kill chain investigation in MDE |
| 30-Day SOC Challenge | ELK Stack, 100K+ attacks captured, Mythic C2 simulation, custom detections |
| SOC & Honeynet in Azure | Live SOC environment in Azure, real attack traffic, threat detection, compliance mapping |
| SOC Cyber Range Investigations | Real-world threat activity investigated through hands-on detection and response inside a student cyber range |
| KDC Simulated Attack | Purple team exercise, 11-hour intrusion, 4 telemetry sources, 31 MITRE techniques, 5 detection rules |
| VHR-001 STORM-2603 Healthcare Ransomware Simulation | Full kill chain simulation modelling Storm-2603 healthcare targeting |
| Kerning City Dental | External black box pentest, 11 findings, full kill chain from recon to C2 in 61 minutes |

Real incident investigations, not labs.

| Investigation | Summary |
|---|---|
| DCSync Domain Compromise | mimikatz, lsass.exe, RemCom lateral movement, full domain takeover |
| AnyDesk Persistence | 19-day persistence on Domain Controller, scheduled task abuse |
| XorDDoS Botnet | 6 Linux VMs compromised, 120K targeted IPs, Microsoft abuse notification, 5 Sentinel rules deployed |
| Entra ID Credential Attack | Tor exit node signins, MFA bypass attempts, geo anomalies |
| WordPress PHP Backdoor | TERMOREK-IT shell upload, web server compromise |
| Phishing Campaign Analysis | Discord CDN payload delivery, typosquat domain |
| Linux Cryptominer Forensics | Memory analysis, IRC C2, mining pool connections |
| KDC Investigation Report | Purple team investigation, 11-hour intrusion, Sliver C2, credential dumping, exfil via Discord |
| MTS-PC-1 Stealc/Clipper Compromise | Memory forensics, 202 process injections, clipboard hijacker, TRON wallet theft |
| MTS-Web Server Compromise | Linux memory forensics, rootkit deployment, XMRig cryptominer, deleted binaries in memory |
| WeTransfer Phishing Analysis | Email analysis, WeTransfer impersonation, Turkish phishing kit, Document.zip payload |
| SWEEP Influencer Campaign | Two-stage phishing, YouTube creator targeting, credential harvesting, infrastructure OSINT |

| Course | Focus |
|---|---|
| MYDFIR SOC Analyst (90-Day) | Splunk, investigation methodology, Sigma/YARA, incident response |
| TCM Security SOC Level 1 | Phishing analysis, Wireshark, endpoint security |
| Antisyphon SOC Core Skills | Windows/Linux forensics, memory forensics, AD analysis |

FIND EVIL. BUILD DEFENSES.
Offense. Defense. Logic.