In this repository, I will cover various security approaches to attack techniques and share new discoveries about security breaches. Through the new discoveries and learnings shared in this repository, I hope to provide helpful insights for those involved in security operations, hunting, incident response, and more.
| Day | Title | Comment |
|---|---|---|
| Day1 | Day1-Basic-Malware-Analysis.md | |
| Day2 | Day2-APT29-Part1-Overview.md Day2-APT29-Part2-Midnight-Blizzard.md Day2-APT29-Part3-Midnight-Blizzard.md Day2-APT29-Part4-Midnight-Blizzard-MDE-EvaluationLab.md |
Russia-based activity group |
| Day3 | Day3-Microsoft-ThreatActorNamingTaxonomy.md | |
| Day4 | Day4-Mango-Sandstorm-Part1-Overview.md Day4-Mango-Sandstorm-Part2-AttackTechniques-Insights.md Day4-Mango-Sandstorm-Part3-AttackTechniques-Insights.md |
Iran-based activity group |
| Day5 | Day5-AntivirusConfig-Tips.md | |
| Day6 | Day6-M365D-XDR-AutomaticAttackDisruption.md | AiTM, BEC, Human-operated ransomware |
| Day7 | Day7-AiTM-Insights-XDR.md | AiTM, BEC |
| Day8 | Day8-WebShell-Insights-XDR.md | Web shell |
| Day9 | Day9-XDR-Insights-part1.md | XDR |
| Day10 | Day10-XDR-Insights-part2.md | XDR |
| Day11 | SOON | XDR |
| ExP/Lv | Title | Comment |
|---|---|---|
| Lv.100 | YARA tool | still learning |
| Lv.200 | MSTICPy | merging data |
The views and opinions expressed herein are those of the author and do not necessarily reflect the views of company.