LetsDefend
This section contains LetsDefend writeups and notes.
Focus areas include:
- SOC analyst workflows
- Alert analysis
- Incident response
- Log and SIEM investigation
Writeups are approached from a defensive and analytical perspective.
2026
- SOC326 Case Study: Impersonating Domain MX Record Change Leading to Active Phishing Campaign (Feb 5)
- SOC153 Case Study: Malicious PowerShell Execution Leading to Active Malware Infection (Feb 3)
- SOC127 Case Study: Successful SQL Injection Attack via Automated Tooling (Jan 29)
- SOC205 Case Study: Malicious Macro Execution via Phishing Invoice (Jan 19)
- LetsDefend SOC138 – Suspicious XLS Malware Analysis (Jan 16)
- LetsDefend HTTP Basic Authentication Analysis – PCAP Investigation (Jan 14)
- LetsDefend SOC168 – Command Injection (whoami) Web Attack Analysis (Jan 13)
- LetsDefend SOC170 – Local File Inclusion (LFI) Attempt Analysis (Jan 12)
- LetsDefend SOC335 – CVE-2024-49138 Privilege Escalation Exploitation Analysis (Jan 11)
- LetsDefend SOC336 – Windows OLE Zero-Click RCE (CVE-2025-21298) Analysis (Jan 10)