William | Cybersecurity & SOC Analyst

𝗗𝗮𝘆 𝟭𝟳/𝟯𝟬 𝗦𝗼𝗰𝗶𝗮𝗹 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 𝗟𝗮𝗯 The attacker didn’t touch a single system. They just called an employee and asked. 🧵

5/ SIEM alerts tell you something happened. Packets tell you what, where, and who. The skill isn’t reading every packet. It’s knowing which filter to type next. DNS → conversations → payloads → DHCP. Each one peels back a layer. Full PCAP analysis: github.com/WiLL75G/soc-da…

4/ DHCP traffic is the SOC analyst’s shortcut: bootp (or dhcp) filter → Hostname: brads-MBP IP: 10.2.28. 88 MAC: captured That’s the infected machine. That’s the user to call. That’s the host to isolate. Three filters. Full picture.

𝗗𝗮𝘆 𝟭𝟴/𝟯𝟬 — 𝗪𝗶𝗿𝗲𝘀𝗵𝗮𝗿𝗸 𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗧𝗿𝗮𝗳𝗳𝗶𝗰 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 A PCAP file. Thousands of packets. Somewhere in there: a malware infection. The SIEM said something happened. I had to find what. 🧵

@ireteeh Networking basic. It’s non-negotiable

Cybersecurity Twitter, let’s help beginners 👇🏾 What’s the FIRST thing someone should learn in Cyber?

@segoslavia @tryhackme Keep the energy going 🔥.

100 Days of Learning on @tryhackme

5/ The strongest firewall in any organisation is an educated employee. Tools detect attacks after they happen. Awareness stops them before they start. 🔗 Full lab report: github.com/WiLL75G/soc-da… #SOCAnalyst #SocialEngineering #BlueTeam #WilliamCyberSec

4/ A user under pressure overlooks small inconsistencies. Wrong domain. Generic greeting. Mismatched Reply-To. All visible. All ignored. Because the attacker created urgency before the user could think. That’s the whole attack.

𝗗𝗮𝘆 𝟭𝟳/𝟯𝟬 𝗦𝗼𝗰𝗶𝗮𝗹 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 𝗟𝗮𝗯 The attacker didn’t touch a single system. They just called an employee and asked. 🧵

@mrphilghana @GhanaFor4You @RedHatPentester @CyberRacheal I support you bro 😂 something which is free people don’t take it serious I bet 🤣🤣🤣

@GhanaFor4You @RedHatPentester @CyberRacheal Then you are not ready lol

I’m eager to learn cybersecurity, however, I need programs that don’t charge enrollment fees. 🙏😟🖥️ @RedHatPentester @CyberRacheal

@CyberRacheal I appreciate 🙏❤️

@WilliamInCyber Welcome

Drop your handles in your in Cybersecurity. Engage with other cyber fellows.

5/ On-premise security is about devices. Cloud security is about identity. There’s no perimeter anymore. If an attacker gets your credentials they are you. 🔗 Full investigation report: github.com/WiLL75G/soc-da…

4/ Root account. No MFA. Used for routine tasks. In AWS that’s not a misconfiguration — it’s an open door. One compromised session = full account takeover. Every resource. Every region. Every service. → Finding documented. Remediation flagged.

𝗗𝗮𝘆 𝟭𝟲/𝟯𝟬 — 𝗔𝗪𝗦 𝗖𝗹𝗼𝘂𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗜𝗻𝘃𝗲𝘀𝘁𝗶𝗴𝗮𝘁𝗶𝗼𝗻 11 events. Two users. One account wide open. CloudTrail doesn’t lie. 🧵