TECH LAB

Security notes from the blue team trenches.
Practical guides, tool configurations, and lessons learned.
No vendor pitches. No marketing fluff.


Latest Lab Notes

12 FEB 2024 | INCIDENT RESPONSE

A practical walkthrough for handling phishing incidents, from initial report to lessons learned. Includes PowerShell snippets for investigation.



Current Project

C:\SECURITY\PROJECTS> dir /b
03/02/2024 09:15 <DIR> powershell-ir-toolkit
                    Building a collection of IR scripts for common investigation tasks.
                    Currently: Memory forensics automation scripts
                    Status: In Progress

Working on consolidating my incident response scripts into a reusable toolkit. Will share here when ready.


Tool Spotlight

Sysmon

Tags: Endpoint, Free, Essential

If you're not running Sysmon on your endpoints, you're flying blind. It provides detailed logging of process creations, network connections, file changes, and more - the kind of visibility that makes incident response actually possible.

PS C:\> sysmon -accepteula -i -n
System Monitor v15.0 - System activity monitor
Copyright (C) 2014-2023 Mark Russinovich and Thomas Garnier
Sysmon installed and started.



Credentials

  • Microsoft 365 Certified: Security Administrator Associate
  • CompTIA Security+
  • Years of on-the-job learning (the real certification)

Certifications are nice, but nothing beats hands-on experience responding to real incidents.