Vladdd52/incident-response-reports

GitHub: Vladdd52/incident-response-reports

Stars: 1 | Forks: 0

# 🛡️ Incident Response Reports

A collection of incident response and forensic analysis reports completed as part of cybersecurity lab exercises.

## 📁 Reports

| Report | Description |
|--------|-------------|
| 🌐 **Network Analysis** | Multi-stage network intrusion: reconnaissance, SQL/command injection, reverse shell, lateral movement, data exfiltration via DNS tunneling |
| 🔩 **Persistence Analysis** | Forensic investigation of persistence mechanisms on a compromised Linux host: malicious systemd services, cron jobs, udev rules, SSH key injection |
| 🕵️ **Threat Intelligence** | Attribution and TTP analysis of a phishing campaign delivering NetSupport RAT, linked to the APT group Bloody Wolf targeting organizations in Central Asia |
| 🔍 **Wazuh Investigation** | SIEM-based investigation of a multi-stage attack on AD infrastructure: NTLM brute force, web exploitation, privilege escalation, credential dumping via Mimikatz/LaZagne |

## ⚙️ Methodology

Each report includes an attack timeline, technical analysis, IOC tables, and MITRE ATT&CK mapping.

## 👤 Author

**Kobzev Vladislav** · [@eeextinct](https://t.me/eeextinct) · kvladislav1305@gmail.com