SOC Analyst Project

Project URL: https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro

  • Installed a Windows 11 VM with Defender disabled and a bare-bones Ubuntu Server with Sliver installed.

  • Installed Sysmon and LimaCharlie Sensor on Windows VM.

  • Generated a payload, started C2 sessions, and observed the resulting EDR telemetry in LimaCharlie.

  • Crafted detection and response rules in LimaCharlie and fine-tuned them to reduce false positives.

  • Used YARA rules to detect malware based on signatures and automated the scanning process.
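
The following is an added illustration of what a signature-based YARA rule looks like; it is not a rule from the original project or from the linked blog post. The marker strings and the hex pattern are constructed placeholders so the rule can be exercised on a lab test file, not real signatures for Sliver or any other tool.

```yara
rule Lab_Constructed_Signature_Example
{
    meta:
        description = "Added lab example: flags a PE file that carries constructed placeholder marker strings"
        author      = "added example, not from the original page"

    strings:
        // Constructed ASCII/UTF-16 marker; replace with signatures derived from your own analysis
        $marker1 = "LAB_PLACEHOLDER_MARKER_1" ascii wide
        // Same idea as a raw byte pattern: the bytes spell "LAB_MARKER" (constructed)
        $marker2 = { 4C 41 42 5F 4D 41 52 4B 45 52 }

    condition:
        // MZ header: only consider PE executables
        uint16(0) == 0x5A4D and
        // Skip very large files to keep automated scans cheap
        filesize < 20MB and
        // Any one constructed marker is enough to match
        any of ($marker*)
}
```

Saved as `lab_signature.yar`, the rule can be run recursively over a directory with `yara -r lab_signature.yar <directory>`; the same rule file is what an automated scan (for example one triggered when a new executable appears on the monitored VM) would load, so tuning the `strings` and `condition` sections is where false positives are reduced.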