Anonymousd407/soc-level-1
GitHub: Anonymousd407/soc-level-1
A SOC Level 1 analyst learning portfolio based on the TryHackMe platform, collecting hands-on technical write-ups and lab reports on log analysis, traffic forensics and incident response.
Stars: 0 | Forks: 0
# soc-level-1
## 🛡️ SOC Level 1 Professional Portfolio | TryHackMe

### Executive Summary

I have successfully completed the SOC Level 1 career path on TryHackMe, gaining hands-on experience in monitoring, detecting and responding to cyber threats. This intensive training equipped me with the technical mindset required of a junior Security Operations Center (SOC) analyst, with a focus on real-world attack scenarios and defensive architecture.

### Core Technical Areas
- **Security Operations & Monitoring:** Proficient in navigating SIEM environments (Splunk/ELK) to correlate logs and identify malicious patterns.
- **Incident Response:** Skilled in the Cyber Kill Chain and MITRE ATT&CK frameworks to track adversary behavior and mitigate risks.
- **Traffic & Endpoint Analysis:** Experienced in inspecting network packets using Wireshark and monitoring endpoint telemetry via Sysmon and Wazuh.
- **Digital Forensics:** Capability to analyze memory dumps and file system artifacts to reconstruct security incidents.
- **Phishing Defense:** Expert at analyzing suspicious emails, extracting headers, and detonating malicious attachments in sandbox environments.
## 🛠️ Cybersecurity Toolbox

| Category | Tools & Techniques |
|---|---|
| SIEM & Logging | Splunk, ELK Stack, Snort, Zeek |
| Network Analysis | Wireshark, Tshark, Brim |
| Endpoint Security | OSQuery, Wazuh, Sysmon |
| Threat Intelligence & Research | CyberChef, VirusTotal, Any.Run, AbuseIPDB |
| Forensics | Autopsy, Volatility, FTK Imager |
## 📂 Selected Lab Reports (GitHub repository)

This repository contains my technical write-ups and proofs of concept for individual security rooms, including:

- **Cyber Defense Frameworks:** Mapping alerts to MITRE ATT&CK.
- **Network Security Monitoring:** Identifying command-and-control (C2) traffic.
- **Log Analysis:** Investigating web server attacks and brute-force attempts.
- **Malware Analysis:** Static and dynamic analysis of suspicious binaries.
## 🚀 Career Goals

I am committed to continuous learning in defensive security. My current focus is mastering detection engineering and automated incident response. I am actively seeking opportunities to contribute to a security team, applying my analytical skills to protect critical infrastructure.

> "Security is not a product, but a process." — Let's build a more secure digital world.
Tags: Autopsy, Cloudflare, CyberChef, Cyber Kill Chain, DAST, ELK Stack, L1 Analyst, MITRE ATT&CK, OSQuery, Rootkit, SecList, Sysmon, TryHackMe, Wazuh, Wireshark, Zeek, Memory Forensics, Anti-Phishing, Handle Viewing, Domain Environment Security, Threat Intelligence, Security Operations Center, Developer Tools, Malware Analysis, Digital Forensics, Sandbox, Endpoint Detection, Cybersecurity, Network Mapping, Automation Scripts, Rate Limiting, Email Analysis, Defensive Security, Privacy Protection