SOC Level 1 Capstone – Incident Investigations

This repository contains incident response investigations completed during the TryHackMe SOC Level 1 Capstone.

Each investigation simulates a real-world security incident and requires analysis of:

  • Network traffic (PCAP)
  • Windows Event Logs
  • Sysmon logs
  • Malware artifacts
  • Command execution
  • Persistence mechanisms

The goal is to practice the workflow used by SOC Analysts and Incident Responders.


🔎 Investigations

| Investigation | Description |
|---|---|
| Tempest | Investigation of a phishing-based compromise involving malicious documents, C2 traffic, privilege escalation, and persistence |

Skills Demonstrated

  • Network traffic analysis (Wireshark)
  • Windows log analysis
  • Sysmon investigation
  • Malware identification
  • Command & Control detection
  • Privilege escalation analysis
  • Persistence detection
  • MITRE ATT&CK mapping

Tools Used

  • Wireshark
  • Event Viewer
  • Sysmon
  • VirusTotal
  • CyberChef
  • Windows Command Line
  • PowerShell

Repository Structure

SOC-Level-1-Capstone
│
├── Tempest
│   ├── README.md
│   └── Screenshots
│
└── README.md

Author

Christopher Lee
Cybersecurity Student – Purdue Global
Aspiring SOC Analyst
