In this repository, I will cover various security approaches to attack techniques and share new discoveries about security breaches. Through the discoveries and learnings shared here, I hope to provide helpful insights for those involved in security operations, threat hunting, incident response, and related work.
Day | Title | Comment |
---|---|---|
Day1 | Day1-Basic-Malware-Analysis.md | |
Day2 | Day2-APT29-Part1-Overview.md, Day2-APT29-Part2-Midnight-Blizzard.md, Day2-APT29-Part3-Midnight-Blizzard.md, Day2-APT29-Part4-Midnight-Blizzard-MDE-EvaluationLab.md | Russia-based activity group |
Day3 | Day3-Microsoft-ThreatActorNamingTaxonomy.md | |
Day4 | Day4-Mango-Sandstorm-Part1-Overview.md, Day4-Mango-Sandstorm-Part2-AttackTechniques-Insights.md, Day4-Mango-Sandstorm-Part3-AttackTechniques-Insights.md | Iran-based activity group |
Day5 | Day5-AntivirusConfig-Tips.md | |
Day6 | Day6-M365D-XDR-AutomaticAttackDisruption.md | AiTM, BEC, Human-operated ransomware |
Day7 | Day7-AiTM-Insights-XDR.md | AiTM, BEC |
Day8 | Day8-WebShell-Insights-XDR.md | Web shell |
Day9 | Day9-XDR-Insights-part1.md | XDR |
Day10 | Day10-XDR-Insights-part2.md | XDR |
Day11 | SOON | XDR |
ExP/Lv | Title | Comment |
---|---|---|
Lv.100 | YARA tool | still learning |
Lv.200 | MSTICPy | merging data |
The views and opinions expressed herein are those of the author and do not necessarily reflect the views of the author's company.