Notes from learning security operations | The knowledge base of security operation
Updated Aug 27, 2023 - HTML
Education kit for teaching introductory Arm-based system-on-chip design on FPGA with lectures and practical labs (educational)
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
Field reference for BTL1 and Tier 1 SOC work — grep-ready cheatsheets, SPL queries, Volatility workflows, live response commands
Online resources related to SOC Analysts. Incident investigation reference material, blogs, newsletters, good reads, books, trainings, podcasts, Twitter/X accounts and a set of tools relevant to the role of SOC analyst.
Offline Microsoft 365 forensic triage for exported CSV logs (UAL + Entra ID sign-ins). Generates a court-friendly, evidence-focused HTML report and SQLite dataset with suspicious activity findings; no Microsoft APIs required.
Cybersecurity engineer focused on threat analysis, vulnerability intelligence, and offensive CI/CD research. Creator of open tools for SOC teams and defenders. Building the future of contextual vulnerability tracking with CIR (Cyber Issue Record). Always blending code, security, and operational reality.
Your go-to repo for all things cyber
OSINT Extension for SOC Intelligence
Pentest Lab: Recon (Nmap) + DAST (OWASP ZAP baseline/full) against OWASP Juice Shop with reproducible HTML/TXT/PNG evidence and optional SOC correlation.
🔍 Automate forensic triage of Microsoft 365 logs, generating a normalized dataset and a court-friendly report for swift incident response.
Windows Event Log forensic timeline and incident response analysis tool (EVTX triage)
Open-source cyber threat intelligence reports: evidence-labeled assessments, SOC-oriented guidance, and defensive research. PDF and HTML with table of contents and working reference links. Handala Hack Group, Sandworm/APT44. By Andrey Pautov (@1200km). Long-form articles on Medium.
Compiles references to publications, devices, SoCs and tools for technical watch. Provides a CLI tool, a web page, a Ruby server and a PWA-style app to search the corpora and retrieve results.
A scalable, Lakehouse-based SIEM architecture using Apache Kafka, Spark, Hadoop, and Hive for real-time security threat detection and large-scale log analytics
SOC Standard Operating Procedures — 170+ bilingual (EN/TH) vendor-agnostic SOPs, 50 playbooks, 36 Sigma rules. Build a SOC from zero.
TotalOSINT is a privacy-first, client-side OSINT toolkit for security analysts. Instantly extract IOCs (IPs, Domains, Hashes) from raw logs and launch bulk investigations across dozens of threat intelligence sources. Zero-data-persistence workflow for SOC and DFIR teams. No installation required.
FORTRESS is an interactive security control simulation platform designed for security architects, analysts, and students to understand the full spectrum of security controls. Featuring a comprehensive NIST SP 800-53 aligned control matrix, interactive attack simulations, scenario-based training, a 50+ control encyclopedia, defense builder👨🏿💻🔒.