S Sec Savvy
CTF Writeups Blogs

Blogs

Learning notes, cybersecurity reflections, and certification journey posts organized by context.

Certification:
Source:
Topic:
Module 10: Introduction to IDS/IPS cover

Module 10: Introduction to IDS/IPS

CDSA HTB Academy IDS/IPS Module 10

My CDSA Module 10 notes on IDS/IPS with Suricata, Snort, and Zeek - operation modes, output analysis, file extraction, writing detection rules for real C2 (PowerShell Empire, Covenant, Sliver, Ursnif, Cerber, Patchwork), JA3 and TLS cert detection, Zeek log hunting, and the skills assessment.

htb-academy cdsa ids-ips
Module 9: Intermediate Network Traffic Analysis cover

Module 9: Intermediate Network Traffic Analysis

CDSA HTB Academy Network Traffic Analysis Module 9

My CDSA Module 9 notes on intermediate network traffic analysis - link-layer attacks (ARP spoofing, 802.11 deauth, rogue and evil-twin APs), network and transport anomalies (fragmentation, IP spoofing, TTL evasion, TCP scan patterns, ICMP tunneling), application-layer attacks (HTTP fuzzing, request smuggling, XSS, TLS renegotiation, DNS abuse), and the skill assessment.

htb-academy cdsa network-traffic-analysis
Module 8: Intro to Network Traffic Analysis cover

Module 8: Intro to Network Traffic Analysis

CDSA HTB Academy Network Traffic Analysis Module 8

My CDSA Module 8 notes on network traffic analysis - fundamentals and protocols, the analysis process, tcpdump filtering on the command line, and a set of Wireshark labs including file carving, a port 4444 intrusion case, and decrypting RDP with the server's RSA key.

htb-academy cdsa network-traffic-analysis
Module 7: Introduction to Threat Hunting & Hunting With Elastic cover

Module 7: Introduction to Threat Hunting & Hunting With Elastic

CDSA HTB Academy Threat Hunting Module 7

My CDSA Module 7 notes on threat hunting fundamentals, threat intelligence, and a full Stuxbot investigation in Elastic/Kibana using KQL pivots.

htb-academy cdsa threat-hunting
Module 6: Detecting Windows Attacks with Splunk cover

Module 6: Detecting Windows Attacks with Splunk

CDSA HTB Academy Splunk Module 6

My CDSA Module 6 notes on Splunk hunts for AD recon, credential attacks, delegation, DCSync, and Zeek network detections from the labs.

htb-academy cdsa splunk
Module 6: Skill Assessment cover

Module 6: Skill Assessment

CDSA HTB Academy Splunk Module 6

My CDSA Module 6 Splunk skill assessment walkthrough for Empire beaconing, PrintNightmare RPC detection, and BloodHound DCE-RPC collection.

htb-academy cdsa skill-assessment
Module 5: Windows Attacks and Defense cover

Module 5: Windows Attacks and Defense

CDSA HTB Academy Active Directory Module 5

My CDSA Module 5 notes on Active Directory fundamentals, 12 AD attack vectors, detection Event IDs, honeypot strategies, and ESC8 skill assessment log retrieval.

htb-academy cdsa active-directory
Module 4: Additional Splunk Hunting Queries cover

Module 4: Additional Splunk Hunting Queries

CDSA HTB Academy Splunk Module 4

Extra Splunk searches I practiced after Module 4: remote thread baselines, PsExec password recovery, C2 inbound ports, Kerberos ticket volume, SYSTEM reach, and burst login windows.

htb-academy cdsa splunk
Module 4: Skill Assessment cover

Module 4: Skill Assessment

CDSA HTB Academy Splunk Module 4

My CDSA Module 4 Splunk skill assessment walkthrough tracking process injection through CreateRemoteThread events, parent-child pivots, and EventCode breadth analysis.

htb-academy cdsa skill-assessment
Module 4: Understanding Log Sources & Investigating with Splunk cover

Module 4: Understanding Log Sources & Investigating with Splunk

CDSA HTB Academy Splunk Module 4

My CDSA Module 4 notes on Splunk architecture, SPL, app deployment, network-scale Sysmon hunting, known TTP detection, and statistical anomaly searches.

htb-academy cdsa splunk
Module 3: Windows Event Logs & Finding Evil cover

Module 3: Windows Event Logs & Finding Evil

CDSA HTB Academy Windows Event Logs Module 3

My CDSA Module 3 notes on Windows Event Logs, Sysmon, ETW, SilkETW, Get-WinEvent, and practical detection scenarios.

htb-academy cdsa windows-event-logs
Module 3: Skill Assessment cover

Module 3: Skill Assessment

CDSA HTB Academy Windows Event Logs Module 3

My CDSA Module 3 skill assessment notes using Get-WinEvent, Sysmon logs, XML parsing, and timeline pivots across DLL hijacking, unmanaged PowerShell, LSASS dumping, and strange PPID behavior.

htb-academy cdsa skill-assessment
Module 2: Security Monitoring & SIEM Fundamentals cover

Module 2: Security Monitoring & SIEM Fundamentals

CDSA HTB Academy Security Monitoring Module 2

A practical overview of SIEM fundamentals, the Elastic Stack, ECS/KQL querying, SOC tiering, triage workflow, MITRE ATT&CK mapping, and detection engineering use cases.

htb-academy cdsa soc
Module 1: Incident Handling Process cover

Module 1: Incident Handling Process

CDSA HTB Academy Incident Response Module 1

Key lessons from studying incident handling through HTB Academy and CDSA preparation, covering preparation, detection, containment, recovery, post-incident activity, and where AI can help.

htb-academy cdsa incident-response