Detection of brute force login attempts using Windows Event Logs (Event ID 4625)
Updated Apr 17, 2026
Cross-Platform Universal Log Viewer.
Full SOC-style investigation including alert validation, log correlation, OSINT enrichment, MITRE mapping, and a final incident report demonstrating real-world triage and analysis skills.
LogLens is a universal log explorer that runs entirely in your browser. Drop any log file in, query it with KQL, visualize it on a timeline, and analyze it with a local AI - all without a single byte of your data touching the internet.
Lab 02 - Brute Force Attack Simulation & Detection | Metasploit smb_login vs Windows 10 | Failed Logins Detected via Windows Event ID 4625 | Blue Team | SOC Lab
Lab 04 — SIEM Setup with Splunk Cloud | Windows Security Log Analysis | SPL Queries | SOC Dashboard | 100 Events Ingested
Hands-on TryHackMe Sysmon write-up covering process, network, registry, and persistence investigations with Event Viewer and PowerShell.
Client-side Windows event log forensics — Sigma rule matching, PowerShell decode, ransomware chain correlation, credential access detection, and process lineage reconstruction. No backend required.
SOC Analyst threat detection lab with log analysis, phishing investigation, MITRE mapping, and incident response documentation.
End-to-end phishing simulation and SOC investigation lab - deploying GoPhish credential harvesting infrastructure and detecting execution via Windows EventID 4688 parent-child process analysis in Splunk.
End-to-end SOC detection lab built on Splunk Enterprise - simulating a multi-stage attack across Kali, Windows 10, and Ubuntu, with SPL detection queries, a 4-panel dashboard, and formal incident report mapped to MITRE ATT&CK.
Splunk SPL reference and detection query library for SOC analysts — brute force, lateral movement, persistence, and threat hunting queries ready to use.
End-to-end attack detection lab using Wazuh SIEM, Sysmon, and Windows event log analysis with MITRE ATT&CK mapping.
Open source HIDS tailored for Microsoft Windows and Active Directory
A comprehensive collection of security log analysis projects and methodologies for detecting threats, credential abuse, and advanced persistent threats (APTs) in enterprise environments. Features detailed forensic investigations of large-scale Windows Security Event Logs using Python-based data analytics and behavioral pattern recognition.
Python tools for converting **Windows Event Logs (.evtx)** to **JSON**, designed for forensic analysis, threat hunting, detection, and automated event processing.
Detect suspicious PowerShell execution using Sysmon + Windows Event Logs (encoded commands, LOLBIN-like behavior)
Event Tracing for Windows
Hands-on practice in monitoring activity on workstations, as that’s where adversaries spend the most time trying to achieve their objectives. Practice done in the simulated challenge/room environment inside a Virtual Machine (VM) provided by TryHackMe.
The write-up for the Holmes CTF 2025. It goes over each flag with a short explanation.