Eric’s Substack

Home
Notes
Tools & Resources
General Technology
Archive
Leaderboard
About
Atomic & Stateful Detection Rules
Harnessing the Power of Precision and Context in Detection Engineering
  
Eric Capuano
1

April 2024

Prefetch Analysis Lab
Analyze evidence of execution artifacts from a data breach investigation.
  
Eric Capuano
2

November 2023

So you want to be a SOC Analyst? 2.0
A revamp of the original SYWTBSA blog series, condensed and self-contained in a cloud-hosted lab VM. No local VM required!
  
Eric Capuano

October 2023

So you want to be a SOC Analyst? Part 6
Let's get a little more advanced with our detection rules by leveraging automated YARA scanning.
  
Eric Capuano
20
So you want to be a SOC Analyst? Part 5
So now you can write detections, which means you will soon learn about false positives; let's practice tuning those.
  
Eric Capuano
4
Threat Hunting with Velociraptor - Long Tail Analysis Lab
Leverage "rarity" in Velociraptor hunts to identify outliers with a hands-on lab using data generated from 10 systems, one of which is compromised.
  
Eric Capuano

May 2023

VMware Memory Analysis with MemProcFS
A lab guide for analyzing an infected memory image of a running VMware system with MemProcFS.
  
Eric Capuano

April 2023

March 2023

Find Threats in Event Logs with Hayabusa
A powerful technique for finding threats in Windows event logs.
  
Eric Capuano
6
A "Thank You" to Paid Subscribers
I sincerely want to thank those of you that are supporting this blog. Here are some resources just for you.
  
Eric Capuano
3
So you want to be a SOC Analyst? Part 4
Now that we've detected attacks, let's learn to actively block an attack.
  
Eric Capuano
20
Mounting E01 Forensic Images in Linux
So you want to mount an E01 forensic image? This guide will help.
  
Eric Capuano
1
© 2024 Eric Capuano
PrivacyTermsCollection notice
Start WritingGet the app
Substack is the home for great culture