Project URL: https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro

• Installed a Win11 VM with Defender Disabled and a Barebones Ubuntu Server with Sliver Installed.


• Installed Sysmon and LimaCharlie Sensor on Windows VM.


• Generated a payload, started c2 sessions, and observed EDR telemetry on LimaCharlie.


• Crafted Detection and Response Rules, fine-tuned rules to decrease false positives.


• Used Yara rules to detect malware based on signatures and automated the process.