Skip to content
View tdt1114's full-sized avatar

Block or report tdt1114

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Popular repositories Loading

  1. Windows-Endpoint-Telemetry-I Windows-Endpoint-Telemetry-I Public

    Windows Telemetry Lab – Sysmon + Event ID 4688 + Splunk (Phase 1) Hands-on endpoint logging lab: Sysmon installation, Windows process telemetry, and SIEM ingestion.

  2. Windows-Endpoint-Telemetry-II-SOC-Triage Windows-Endpoint-Telemetry-II-SOC-Triage Public

    Extended windows telemetry by validating host-based Sysmon and Event ID 4688 signals and preparing cloud-based SIEM ingestion for SOC-style detection and triage.

  3. MITRE-mapping MITRE-mapping Public

    This lab demonstrates the process of analyzing Windows endpoint execution telemetry and mapping observed behavior to the MITRE ATT&CK framework, with a focus on analyst reasoning rather than tooling.

  4. process-network-correlation-lab process-network-correlation-lab Public

    This activity consists of a PowerShell execution followed shortly by DNS resolution and outbound HTTP communication to the same domain.

  5. hybrid-active-directory-lab hybrid-active-directory-lab Public

    This project documents the deployment of a hybrid Active Directory environment in Microsoft Azure and the operational tasks performed within it.

  6. azure-ad-signin-analyzer azure-ad-signin-analyzer Public

    Python tool for analyzing Azure AD sign-in logs to detect brute force and off-hours authentication activity

    Python