Eric’s Substack
Prefetch Analysis Lab
Analyze evidence of execution artifacts from a data breach investigation.
Apr 29 • Eric Capuano
November 2023
So you want to be a SOC Analyst? 2.0
A revamp of the original SYWTBSA blog series, condensed and self-contained in a cloud-hosted lab VM. No local VM required!
Nov 3, 2023 • Eric Capuano
October 2023
So you want to be a SOC Analyst? Part 6
Let's get a little more advanced with our detection rules by leveraging automated YARA scanning.
Oct 30, 2023 • Eric Capuano
So you want to be a SOC Analyst? Part 5
So now you can write detections, which means you will soon learn about false positives; let's practice tuning those.
Oct 29, 2023 • Eric Capuano
Threat Hunting with Velociraptor - Long Tail Analysis Lab
Leverage "rarity" in Velociraptor hunts to identify outliers with a hands-on lab using data generated from 10 systems, one of which is compromised.
Oct 28, 2023 • Eric Capuano
May 2023
VMware Memory Analysis with MemProcFS
A lab guide for analyzing an infected memory image of a running VMware system with MemProcFS.
May 27, 2023 • Eric Capuano
April 2023
Capturing & Parsing Forensic Triage Acquisitions for Investigation Timelining
This guide will walk you through capturing and processing triage acquisitions into forensic timelines, step-by-step, with a VM containing all needed…
Apr 12, 2023 • Eric Capuano
March 2023
Find Threats in Event Logs with Hayabusa
A powerful technique for finding threats in Windows event logs.
Mar 21, 2023 • Eric Capuano
A "Thank You" to Paid Subscribers
I sincerely want to thank those of you that are supporting this blog. Here are some resources just for you.
Mar 20, 2023 • Eric Capuano
So you want to be a SOC Analyst? Part 4
Now that we've detected attacks, let's learn to actively block an attack.
Mar 20, 2023 • Eric Capuano
Mounting E01 Forensic Images in Linux
So you want to mount an E01 forensic image? This guide will help.
Mar 10, 2023 • Eric Capuano
Live Incident Response with Velociraptor
A video walk-through of incident handling using the open source Velociraptor agent.
Mar 3, 2023 • Eric Capuano