Manish_SOC_Analyst

@manish-rawat.bsky.social

Security analyst | Cybersecurity & risk. Writing on security, technology, and how systems really fail. Here to learn, share, and connect with thoughtful people.

13 Followers  |  206 Following  |  15 Posts  |  Joined: 23.01.2026  |  1.488

Latest posts by manish-rawat.bsky.social on Bluesky


#threathunting #soc #cybersecurity #siem #securityoperations #detectionengineering #mitreattack #threatintelligence | Manish Rawat After analyzing attack techniques, I found 6 detection patterns that consistently catch breaches in threat hunting: Most SOC teams react to alerts. Smart teams hunt for patterns before alerts trigge...

After analyzing attack techniques, I found 6 detection patterns
that consistently catch breaches in threat hunting:

Most SOC teams react to alerts.
Smart teams hunt for patterns before alerts trigger.

Link : www.linkedin.com/posts/manish...

Feel free to ask, and support me
#Cybersecurity
#SOC

19.02.2026 03:51 — 👍 1    🔁 0    💬 0    📌 0
#cybersecurity #informationsecurity #substack #threathunting #sysmon #detectionengineering | Manish Rawat I didn’t expect this. Recently, my research on DLL hijacking detection was referenced in CTO at NCSC – Cyber Defence Analysis. The section titled: “37 Sysmon Events. One Complete DLL Hijacking Attac...

I didn’t expect this.

Recently, my research on DLL hijacking detection was referenced in CTO at NCSC – Cyber Defence Analysis.

www.linkedin.com/posts/manish...

#Cybersecurity #Informationsecurity #Infosec #substack #sysmon

17.02.2026 07:09 — 👍 0    🔁 0    💬 0    📌 0
WMI Event Consumer Persistence: How APT29 Achieves Fileless Persistence (Part 1) Understanding the theory before analyzing real attack logs

I just published WMI Event Consumer Persistence: How APT29 Achieves Fileless Persistence (Part 1) medium.com/p/wmi-event-...

12.02.2026 09:17 — 👍 0    🔁 0    💬 0    📌 0
PowerShell Encoded Commands: Building Detection Rules That Actually Work (Part 2) I built Splunk queries in my lab. Here’s what failed, what worked, and why the -eNcO parameter defeats simple detection.

I just published PowerShell Encoded Commands: Building Detection Rules That Actually Work (Part 2) medium.com/p/powershell...

#infosec #Cyberseurity #ThreatDetection #Analysis #Medium #blog #Powershell #Encoded

03.02.2026 09:28 — 👍 0    🔁 0    💬 0    📌 0

Practical Part is coming soon!! 😉

28.01.2026 15:53 — 👍 0    🔁 0    💬 0    📌 0
PowerShell Encoded Commands: Why Attackers Love It and How We Hunt It They’re hiding in plain sight in your logs. Here’s how 100,000+ variations of the same technique keep working.

I just published PowerShell Encoded Commands: Why Attackers Love It and How We Hunt It medium.com/p/powershell...

#Hunt #Cybersecurity #ThreatHunting #Analysis #Powershell #Ecoded #Base64 #Trending #Medium #Blog #bluesky #Redcanary #Paloalto #Mitre #Att&ck

28.01.2026 09:37 — 👍 1    🔁 0    💬 1    📌 0
GitHub - Manishrawat21/soc-automation-lab: Documented SOC automation workflow using Wazuh, N8N, Caldera, and Velociraptor Documented SOC automation workflow using Wazuh, N8N, Caldera, and Velociraptor - Manishrawat21/soc-automation-lab

Just published a new GitHub repo documenting my SOC automation lab. github.com/Manishrawat2...

It covers detection, alert enrichment, attack simulation, and lessons learned using Wazuh, N8N, Caldera, and Velociraptor, all designed as a learning reference, not a production system.

#cybersecurity

27.01.2026 14:59 — 👍 0    🔁 0    💬 0    📌 0
Catching APT29’s Favorite Evasion Trick: Detecting DLL Sideloading with Sigma (T1574.002) A multi-tiered detection strategy to uncover one of the stealthiest persistence techniques used by nation-state threat actors.

I just published Catching APT29’s Favorite Evasion Trick: Detecting DLL Sideloading with Sigma (T1574.002) devsecopsai.today/catching-apt...

#Cybersecurity #CISO #APT29 #Sigma #Evasion #Published #Detection #Threat #Medium #Blog #Bluesky #bsky #Analysis

27.01.2026 03:27 — 👍 1    🔁 0    💬 0    📌 0

Thanks James

26.01.2026 10:49 — 👍 0    🔁 0    💬 0    📌 0
How I Built a Sigma Detection Rule to Catch APT29’s Encoded PowerShell Attacks A deep dive into threat hunting methodology, detection engineering, and building effective defenses against nation-state adversaries

I just published How I Built a Sigma Detection Rule to Catch APT29’s Encoded PowerShell Attacks systemweakness.com/how-i-built-...

#Apt29 #Cybersecurity #ThreatHunting #Threat #Hunting #SIGMA #Sysmon #Medium #Blog #Bluesky #CISO #CTO

26.01.2026 06:54 — 👍 2    🔁 0    💬 1    📌 0
GitHub - Manishrawat21/Analysis: I analyzed some famous attack techniques here I analyzed some famous attack techniques here. Contribute to Manishrawat21/Analysis development by creating an account on GitHub.

Published my DLL hijacking research on GitHub.

GitHub: DLL Hijacking Detection - Theory, Evidence, and Telemetry

37 real Sysmon events. Complete analysis. Open to feedback.

github.com/Manishrawat2...

#ThreatHunting #SecurityResearch #Github #Analysis #Cybersecurity #Windows #Sysmon #Splunk #hack

25.01.2026 05:29 — 👍 0    🔁 0    💬 0    📌 0
37 Sysmon Events. One Complete DLL Hijacking Attack. Here’s What Happened. I analyzed real malware logs and discovered why non-admin users can execute code without triggering a single alert.

I just published 37 Sysmon Events. One Complete DLL Hijacking Attack. Here’s What Happened. medium.com/p/37-sysmon-...

#Splunk #Trending #Cybersecurity #Writer #Hijacking #Medium #Blog #Threat_hunting #Analysis #Sysmon #Windows #CISO #Hunter #Threat #Published #Events

25.01.2026 02:34 — 👍 3    🔁 2    💬 0    📌 0

On Sunday, I'm going to publish a practical version of this. "37 Sysmon Events. One Complete DLL Hijacking Attack. Here's What Happened."

23.01.2026 10:53 — 👍 0    🔁 0    💬 0    📌 0
DLL Hijacking Still Works in 2025 and That’s a Problem Why a decades-old Windows behavior still defeats modern defenses

I just published DLL Hijacking Still Works in 2025 and That’s a Problem systemweakness.com/dll-hijackin...
#Cybersecurity #Bsky #Blog #Medium #Trending #ThreatHunter #Malware #Hijacking #Splunk

23.01.2026 10:45 — 👍 0    🔁 0    💬 1    📌 0
Wazuh + N8N Integration Almost Beat Me — But Giving Up Wasn’t an Option A SOC Analyst’s real story of persistence, coffee, and why small technical challenges matter more than you think

I just published Wazuh + N8N Integration Almost Beat Me — But Giving Up Wasn’t an Option systemweakness.com/wazuh-n8n-in...

#Wazuh #Cybersecurity #N8N #SIEM #Automation #Medium #Blog #Integration

23.01.2026 10:39 — 👍 0    🔁 0    💬 0    📌 0

@manish-rawat is following 20 prominent accounts