William · SOC Analyst (Tier 1)
21.3K posts

@WilliamInCyber
SOC Analyst (Tier 1) | Splunk · SIEM · MITRE ATT&CK | 28 hands-on labs | SA-based, UK/Gulf timezone overlap | Open to remote roles


⚠️ In Q1 2026, initial compromise grew 84%, and the activity behind it left no obvious signs of compromise. Malicious intent only becomes visible after multiple steps, by which point persistence is already in place. Attackers move away from immediate payloads and toward establishing access. The shift makes initial access a high-risk condition the moment it occurs, even when signals are ambiguous. 🎯 For CISOs, our Cyber Risk Report covers what to detect when there's no obvious indicator, and where SOC priorities should focus to eliminate blind spots: files.any.run/images/q1_2026…

Fake Microsoft Teams device code phishing page.
Interestingly, the same site was used about a year ago to host Microsoft/Outlook phishing content.
URLs: readfile[.]online, login.vvorkpage[.]online
Old scan: urlscan.io/result/0195f40…
#phishing #devicecodephishing #microsoft365 #teams @500mk500 @urlscanio

The internet made people believe you can learn tech in 12 months, open an Upwork account, and start earning thousands immediately. Reality hits differently. Getting good takes time. Finding clients takes time. Building trust takes time.

Nobody hires you because you collected certificates. They hire you because you can build, debug, and ship. Your GitHub tells that story better than Coursera ever will.

3. Cloud Security Monitoring Project
Steps:
1. Sign up for a free sandbox account on Microsoft Azure or AWS.
2. Turn on Microsoft Sentinel and connect it to your main cloud activity logs.
3. Create a cloud storage folder and change its settings to be completely public to the internet.
4. Use Microsoft Defender for Cloud to run a scan and find the alert for your exposed storage.
5. Script an automation that automatically flips the public storage back to private.

Phishing Analysis Project
Steps:
1. Download a real, safe phishing email file from a site like PhishTank.
2. Paste the email headers into MXToolbox to find the sender's true IP address and look for spoofing.
3. Defang all malicious links so nobody can accidentally click them.
4. Check the sender's IP and malicious links on VirusTotal to see if they are flagged as dangerous.
5. Create a mock incident report listing the bad IPs, domains, and the steps to block them.

SIEM Detection Lab Project
Steps:
1. Install Wazuh on a Linux VM to act as your central security dashboard.
2. Install the Wazuh agent and Sysmon on a Windows VM to track its background processes.
3. Use Kali or a PowerShell script to run a malicious command like whoami against the Windows VM.
4. Log into your SIEM and build a visual graph that displays successful versus failed logins.
5. Create a custom alert that triggers when a new administrative user is created.

If I cancel my Google One subscription right now, does my 1.67TB just disappear? 😭


You plug an Ethernet cable into a switch port,
The link light flashes bright green,
Data transfers at maximum speed.
How does the switch know where to send your data? 🤔



"Charter Communications confirms a data breach. ShinyHunters stole millions of customer records."
Someone called a Charter employee on April 1st. They convinced the employee to give access to a Microsoft Entra account. With that access, they were able to get into Salesforce.
The attack required no software vulnerability. It exploited an authentication process gap and the absence of phishing-resistant MFA.
At least 13 million customer records confirmed exposed: names, addresses, emails, phone numbers, support tickets.
Your employees face decisions like this every day. If someone asks for credentials, does your team know what to do? If you have never tested this, you do not know the answer.


We talk a lot about “passion for tech” but nobody talks about the days you stare at the screen and feel nothing. That’s normal too. YOU’RE NOT FAILING.



Using a VPN will protect you from hackers.







