alexbro1331/SOC-NOTES

GitHub: alexbro1331/SOC-NOTES

A complete set of SOC analyst study notes covering hands-on knowledge of SIEM queries, log analysis, incident response and threat detection.

Stars: 0 | Forks: 0

## 👾 About Me

```
name      : Chandan Kumar
location  : Sahiwal, Punjab, Pakistan
education : B.S. Computer Science @ COMSATS University Islamabad (7th Semester)
focus     : SOC Analysis · Blue Team · Threat Detection · Incident Response
current   : Building a full home SOC lab — Splunk + Security Onion + Sysmon
seeking   : Remote SOC Analyst Internship / Entry-Level Blue Team Role
```

I am a cybersecurity undergraduate actively building real SOC skills through hands-on labs, CTF competitions and daily practice. Every repository here is the real output of something I built, investigated or detected. No fluff, no copy-pasted theory. Just real work.

## 🧰 Tech Stack & Tools
**SIEM & Monitoring**

![Splunk](https://img.shields.io/badge/Splunk-black?style=for-the-badge&logo=splunk&logoColor=white) ![Security Onion](https://img.shields.io/badge/Security_Onion-1a56db?style=for-the-badge&logo=linux&logoColor=white) ![ELK Stack](https://img.shields.io/badge/ELK_Stack-005571?style=for-the-badge&logo=elastic&logoColor=white) ![Microsoft Sentinel](https://img.shields.io/badge/Microsoft_Sentinel-0078D4?style=for-the-badge&logo=microsoft&logoColor=white)

**Network & Traffic Analysis**

![Wireshark](https://img.shields.io/badge/Wireshark-1679A7?style=for-the-badge&logo=wireshark&logoColor=white) ![Nmap](https://img.shields.io/badge/Nmap-0E83CD?style=for-the-badge&logo=nmap&logoColor=white) ![Suricata](https://img.shields.io/badge/Suricata-EF3B2D?style=for-the-badge&logo=suricata&logoColor=white) ![Zeek](https://img.shields.io/badge/Zeek-0891B2?style=for-the-badge&logo=zeek&logoColor=white)

**Endpoint & Detection**

![Sysmon](https://img.shields.io/badge/Sysmon-0078D4?style=for-the-badge&logo=windows&logoColor=white) ![Sigma](https://img.shields.io/badge/Sigma_Rules-6366f1?style=for-the-badge&logo=shield&logoColor=white) ![YARA](https://img.shields.io/badge/YARA-dc2626?style=for-the-badge&logo=virustotal&logoColor=white) ![Volatility](https://img.shields.io/badge/Volatility-065f46?style=for-the-badge&logo=linux&logoColor=white)

**Scripting & Automation**

![Python](https://img.shields.io/badge/Python-3776AB?style=for-the-badge&logo=python&logoColor=white) ![Bash](https://img.shields.io/badge/Bash-4EAA25?style=for-the-badge&logo=gnu-bash&logoColor=white) ![PowerShell](https://img.shields.io/badge/PowerShell-5391FE?style=for-the-badge&logo=powershell&logoColor=white)

**Platforms & Operating Systems**

![Kali Linux](https://img.shields.io/badge/Kali_Linux-557C94?style=for-the-badge&logo=kali-linux&logoColor=white) ![Ubuntu](https://img.shields.io/badge/Ubuntu-E95420?style=for-the-badge&logo=ubuntu&logoColor=white) ![Windows](https://img.shields.io/badge/Windows_Server-0078D4?style=for-the-badge&logo=windows&logoColor=white) ![VirtualBox](https://img.shields.io/badge/VirtualBox-183A61?style=for-the-badge&logo=virtualbox&logoColor=white)

**Threat Intelligence**

![MITRE ATT&CK](https://img.shields.io/badge/MITRE_ATT%26CK-c2410c?style=for-the-badge&logo=target&logoColor=white) ![VirusTotal](https://img.shields.io/badge/VirusTotal-394EFF?style=for-the-badge&logo=virustotal&logoColor=white) ![ANY.RUN](https://img.shields.io/badge/ANY.RUN-ff6b35?style=for-the-badge&logo=sandbox&logoColor=white)
## 📁 My SOC Portfolio Repositories
| Repository | Description | Status |
|:-----------|:------------|:------:|
| 📓 [**soc-notes**](https://github.com/alexbro1331/soc-notes) | Main knowledge base: cheat sheets, playbooks, learning log, tool notes | 🟢 Active |
| 🔍 [**detection-rules**](https://github.com/alexbro1331/detection-rules) | Sigma · YARA · Suricata rules with MITRE ATT&CK mapping | 🟢 Active |
| 📄 [**incident-reports**](https://github.com/alexbro1331/incident-reports) | Professional incident response (IR) reports from lab investigations and CTF challenges | 🟢 Active |
| 🏗️ [**home-soc-lab**](https://github.com/alexbro1331/home-soc-lab) | Full lab build guide: architecture, config files, dashboards, screenshots | 🟢 Active |
| 🐍 [**python-soc-tools**](https://github.com/alexbro1331/python-soc-tools) | IOC enrichment tool · log parser · Sigma converter · report generator | 🟢 Active |
| 🎯 [**threat-hunts**](https://github.com/alexbro1331/threat-hunts) | Hypothesis-driven threat hunting reports with SPL queries and findings | 🟢 Active |
## 🏠 Home SOC Lab Architecture

```
┌─────────────────────────────────────────────────────────────────┐
│                      CHANDAN'S HOME SOC LAB                     │
│                      (VirtualBox Environment)                   │
├──────────────┬──────────────────────────┬───────────────────────┤
│   ATTACKER   │     VICTIM NETWORK       │     SOC PLATFORM      │
│              │                          │                       │
│  Kali Linux  │  Windows 10 VM           │  Security Onion       │
│  ──────────  │  ─────────────           │  ─────────────────    │
│  • Nmap      │  • Sysmon (SwiftOnSec)   │  • Splunk (SIEM)      │
│  • Metasploit│  • Windows Event Logs    │  • Zeek (NSM)         │
│  • Hydra     │  • Audit Policies        │  • Suricata (IDS)     │
│  • Burp Suite│  • PowerShell Logging    │  • Kibana Dashboards  │
│              │                          │                       │
│              │  Ubuntu Server VM        │  Shuffle (SOAR)       │
│              │  ─────────────────       │  ────────────────     │
│              │  • Apache · SSH          │  • Auto-enrichment    │
│              │  • Auth logs             │  • Alert workflows    │
│              │  • Syslog                │  • IR automation      │
└──────────────┴──────────────────────────┴───────────────────────┘
     All traffic flows through Security Onion for monitoring
```

## 🏆 Certifications
| Certification | Provider | Year |
|:------------|:---------|:----:|
| 🟢 Splunk Core Certified User | Splunk | 2025 |
| 🟢 Cisco Introduction to Cybersecurity | Cisco NetAcad | 2024 |
| 🟢 Cisco Networking Basics | Cisco NetAcad | 2024 |
| 🟢 Fortinet NSE 1 — Information Security Awareness | Fortinet | 2025 |
| 🟢 Fortinet NSE 2 — Evolution of Cybersecurity | Fortinet | 2025 |
| 🟢 IBM Cybersecurity Fundamentals | IBM SkillsBuild | 2025 |
| 🟢 AWS Security Fundamentals | Amazon Web Services | 2025 |
| 🟢 Google Cloud Security Badge | Google | 2025 |
| 🟢 TryHackMe SOC Level 1 | TryHackMe | 2025 |
| 🟡 Google Cybersecurity Certificate | Google / Coursera | In Progress |
| 🟡 Microsoft SC-900 Security Fundamentals | Microsoft | In Progress |
## 📊 GitHub Stats
## 📈 My Learning Journey

```
PHASE 1 — FOUNDATIONS              ████████████████████ 100% ✅ Complete
PHASE 2 — CORE SOC SKILLS          ████████████░░░░░░░░  60% 🔄 In Progress
PHASE 3 — ADVANCED & SPECIALIST    ░░░░░░░░░░░░░░░░░░░░   0% ⏳ Upcoming
PHASE 4 — JOB READY & HIRED        ░░░░░░░░░░░░░░░░░░░░   0% ⏳ Upcoming
```

**📓 Weekly learning log** → [`soc-notes/learning-log/`](https://github.com/alexbro1331/soc-notes)

**📣 Follow me on LinkedIn** → [linkedin.com/in/chandan-kumar](https://www.linkedin.com/in/chandan-kumar)

## 🔬 Recent Lab Investigations

| # | Investigation | Type | Tools Used | MITRE Technique |
|:-:|:-------------|:-----|:-----------|:----------------|
| 005 | C2 beaconing over DNS tunneling | Network forensics | Wireshark · Zeek | T1071.004 |
| 004 | Simulated ransomware detection | Incident response | Splunk · Sysmon | T1486 |
| 003 | Emotet malware behaviour analysis | Malware analysis | ANY.RUN · YARA | T1059.005 |
| 002 | Credential brute-force campaign | Log analysis | Splunk · Sigma | T1110.001 |
| 001 | ARP poisoning in a PCAP | Packet analysis | Wireshark | T1557.002 |

📄 Full reports → [incident-reports repository](https://github.com/alexbro1331/incident-reports)

## 🎯 Current Focus

```
current_skills_building = [
    "Advanced Sigma rule writing for lateral movement detection",
    "Threat hunting with Velociraptor + hypothesis-driven methodology",
    "SOAR automation playbooks with Shuffle",
    "Memory forensics with Volatility 3",
    "Azure Sentinel cloud SOC operations",
]

next_milestone = "Phase 3 Complete — Advanced & Specialist"
open_to        = "Remote SOC Analyst Internships · Blue Team roles · Security research"
```

## 🌐 CTF & Platform Profiles
[![TryHackMe](https://img.shields.io/badge/TryHackMe-212C42?style=for-the-badge&logo=tryhackme&logoColor=white)](https://tryhackme.com/p/alexbro1331) [![HackTheBox](https://img.shields.io/badge/HackTheBox-9FEF00?style=for-the-badge&logo=hackthebox&logoColor=black)](https://app.hackthebox.com/profile/) [![CyberDefenders](https://img.shields.io/badge/CyberDefenders-1a56db?style=for-the-badge&logo=shield&logoColor=white)](https://cyberdefenders.org/p/alexbro1331) [![LetsDefend](https://img.shields.io/badge/LetsDefend-0f2d5e?style=for-the-badge&logo=shield&logoColor=white)](https://app.letsdefend.io/user/alexbro1331)
## 📬 Contact Me
*Open to remote SOC internships, entry-level blue team roles and cybersecurity collaboration.* *I reply to all messages within 24 hours.*