Blogs
Learning notes, cybersecurity reflections, and certification journey posts organized by context.
Module 10: Introduction to IDS/IPS
My CDSA Module 10 notes on IDS/IPS with Suricata, Snort, and Zeek - operation modes, output analysis, file extraction, writing detection rules for real C2 (PowerShell Empire, Covenant, Sliver, Ursnif, Cerber, Patchwork), JA3 and TLS cert detection, Zeek log hunting, and the skills assessment.
Module 9: Intermediate Network Traffic Analysis
My CDSA Module 9 notes on intermediate network traffic analysis - link-layer attacks (ARP spoofing, 802.11 deauth, rogue and evil-twin APs), network and transport anomalies (fragmentation, IP spoofing, TTL evasion, TCP scan patterns, ICMP tunneling), application-layer attacks (HTTP fuzzing, request smuggling, XSS, TLS renegotiation, DNS abuse), and the skill assessment.
Module 8: Intro to Network Traffic Analysis
My CDSA Module 8 notes on network traffic analysis - fundamentals and protocols, the analysis process, tcpdump filtering on the command line, and a set of Wireshark labs including file carving, a port 4444 intrusion case, and decrypting RDP with the server's RSA key.
Module 7: Introduction to Threat Hunting & Hunting With Elastic
My CDSA Module 7 notes on threat hunting fundamentals, threat intelligence, and a full Stuxbot investigation in Elastic/Kibana using KQL pivots.
Module 6: Detecting Windows Attacks with Splunk
My CDSA Module 6 notes on Splunk hunts for AD recon, credential attacks, delegation, DCSync, and Zeek network detections from the labs.
Module 6: Skill Assessment
My CDSA Module 6 Splunk skill assessment walkthrough for Empire beaconing, PrintNightmare RPC detection, and BloodHound DCE-RPC collection.
Module 5: Windows Attacks and Defense
My CDSA Module 5 notes on Active Directory fundamentals, 12 AD attack vectors, detection Event IDs, honeypot strategies, and ESC8 skill assessment log retrieval.
Module 4: Additional Splunk Hunting Queries
Extra Splunk searches I practiced after Module 4: remote thread baselines, PsExec password recovery, C2 inbound ports, Kerberos ticket volume, SYSTEM reach, and burst login windows.
Module 4: Skill Assessment
My CDSA Module 4 Splunk skill assessment walkthrough tracking process injection through CreateRemoteThread events, parent-child pivots, and EventCode breadth analysis.
Module 4: Understanding Log Sources & Investigating with Splunk
My CDSA Module 4 notes on Splunk architecture, SPL, app deployment, network-scale Sysmon hunting, known TTP detection, and statistical anomaly searches.
Module 3: Windows Event Logs & Finding Evil
My CDSA Module 3 notes on Windows Event Logs, Sysmon, ETW, SilkETW, Get-WinEvent, and practical detection scenarios.
Module 3: Skill Assessment
My CDSA Module 3 skill assessment notes using Get-WinEvent, Sysmon logs, XML parsing, and timeline pivots across DLL hijacking, unmanaged PowerShell, LSASS dumping, and strange PPID behavior.
Module 2: Security Monitoring & SIEM Fundamentals
A practical overview of SIEM fundamentals, the Elastic Stack, ECS/KQL querying, SOC tiering, triage workflow, MITRE ATT&CK mapping, and detection engineering use cases.
Module 1: Incident Handling Process
Key lessons from studying incident handling through HTB Academy and CDSA preparation, covering preparation, detection, containment, recovery, post-incident activity, and where AI can help.