Security Information and Event Management – Splunk Basics on TryHackMe

Here, I got hands-on with Splunk, one of the most widely used SIEM platforms. I practiced searching and filtering log data, creating dashboards, and running queries to uncover useful insights. The room gave me a practical sense of how Splunk turns raw data into actionable intelligence. I could clearly see how analysts use it to […]

Security Information and Event Management – Introduction to SIEM on TryHackMe

This room laid the foundation for understanding Security Information and Event Management (SIEM) systems. I learned how SIEMs collect, correlate, and analyze logs from across an organization to provide a central view of security events. It emphasized how SIEMs help SOC teams detect attacks, meet compliance requirements, and respond to incidents faster. Going through this

Endpoint Security Monitoring – Osquery: The Basics on TryHackMe

In this room, I was introduced to Osquery, a powerful endpoint tool that lets analysts query a system like a database. I learned how to run SQL-style queries against endpoints to retrieve information about running processes, installed software, users, and more. Working with Osquery helped me see how flexible it is for gathering endpoint data

Endpoint Security Monitoring – Sysmon on TryHackMe

Here, I set up and explored Sysmon, a Windows system service that generates detailed logs about processes, network connections, and file changes. I learned how Sysmon enhances visibility compared to native Windows logging, providing rich context for investigations. This room gave me real-world practice in analyzing Sysmon logs to detect suspicious patterns, such as unexpected

Endpoint Security Monitoring – Windows Event Logs on TryHackMe

This room introduced me to the wealth of information contained in Windows Event Logs and how they can be used for threat detection and investigation. I explored different event categories, such as login events, account management, and process creation, and learned how to interpret the details within them. The hands-on challenges helped me practice filtering

Endpoint Security Monitoring – Sysinternals on TryHackMe

In this room, I got hands-on with Microsoft’s Sysinternals Suite, a powerful toolkit for investigating what’s really happening on a Windows system. I learned how tools like Process Explorer, Autoruns, and TCPView can provide deep insight into processes, startup programs, and network activity. Using Sysinternals in a practical way showed me how analysts can drill

Endpoint Security Monitoring – Core Windows Processes on TryHackMe

This room taught me how to recognize and analyze the core Windows processes that run on a system. I explored the legitimate functions of processes like lsass.exe, svchost.exe, and explorer.exe, while also learning how attackers abuse them for malicious purposes. It was a balance between understanding normal behavior and spotting red flags. I came away

Endpoint Security Monitoring – Intro to Endpoint Security on TryHackMe

In this room, I was introduced to the fundamentals of endpoint security and why it’s such a critical part of defending modern organizations. I learned about the types of threats endpoints face, such as malware, phishing, and privilege escalation, and how attackers often target user machines to gain a foothold in networks. The room broke

Sharpening My CLI Analysis Skills: TShark Challenge II on TryHackMe

I completed the TShark Challenge II: Directory room on TryHackMe, which pushed my TShark skills even further through another real-world style investigation. This time, the focus was on digging into traffic to uncover evidence of suspicious directory activity. Using command-line filters and field extraction, I had to identify important details like directories being accessed, potential