Lucaslagoonss2/incident-response-portfolio

GitHub: Lucaslagoonss2/incident-response-portfolio

Stars: 0 | Forks: 0

# Incident Response Portfolio

**Cybersecurity Student | SOC Tier 1 | Blue Team | Threat Detection**

## 📖 My Mission in Incident Response

Welcome to my Incident Response (IR) Portfolio! As a cybersecurity enthusiast focused on the Blue Team, I believe that being a great defender starts with a deep understanding of how attacks actually happen. This repository is where I document my hands-on journey through realistic investigation scenarios and threat detection labs.

My goal here is simple: to transform raw logs into actionable intelligence. Each case study represents a challenge I set for myself to improve my skills in security monitoring, IOC analysis, and incident investigation using industry-standard forensic tools.

## 🎯 Core Objectives

- **Incident Response:** Mastering the lifecycle from detection to lessons learned.
- **Threat Detection:** Identifying malicious patterns in a sea of data.
- **IOC Analysis:** Extracting and correlating Indicators of Compromise.
- **Security Monitoring:** Using host-based logs to maintain visibility.
- **MITRE ATT&CK Mapping:** Understanding the "how" and "why" behind attacker techniques.

## 🛠️ Tools & Technologies

- **Analysis:** Wireshark, Sysmon, Windows Event Viewer
- **OSINT & Intelligence:** VirusTotal, URLScan.io, CyberChef
- **Automation & Scripts:** Python, PowerShell
- **Frameworks:** MITRE ATT&CK, NIST IR Lifecycle
- **Lab Environment:** Kali Linux, Windows Lab Environment

## 📂 Case Studies

| Case | Description | Status |
|------|-------------|--------|
| 01 | [Suspicious PowerShell Obfuscated Execution](./cases/case-01-powershell-obfuscated/README.md) | ✅ Completed |
| 02 | [Phishing URL Analysis](./cases/case-02-phishing-url-analysis/README.md) | ✅ Completed |
| 03 | [Brute Force Detection & Authentication Analysis](./cases/case-03-bruteforce-detection/README.md) | ✅ Completed |
| 04 | [Scheduled Task Persistence](./cases/case-04-scheduled-task-persistence/README.md) | ✅ Completed |
| 05 | [SMB Authentication Failure & Event ID 4625](./cases/case-05-smb-authentication-failure/README.md) | ✅ Completed |

## 🔄 Incident Response Lifecycle

Following the industry standard, each case is analyzed through these stages:

1. **Detection & Analysis** 🕵️‍♂️
2. **Investigation** 🔍
3. **Containment** 🔒
4. **Eradication** 🧹
5. **Recovery** 🩹
6. **Lessons Learned** 🧠

## ⚠️ Disclaimer

All scenarios presented in this repository are simulated lab environments created exclusively for educational and professional development purposes. No real-world production systems were targeted.

**Connect with me:** [LinkedIn](https://linkedin.com/in/lucas-rodrigues1100) | [GitHub Profile](https://github.com/Lucaslagoonss2)