Domains
SIEM
Splunk SPL, Microsoft Sentinel KQL, QRadar AQL. Detection engineering, correlation rules, SOAR automation, and log source management.
DFIR
Digital forensics, Volatility 3 memory analysis, disk imaging, evidence handling, chain of custody, and timeline reconstruction.
Threat Hunting
Hypothesis-driven hunts, MITRE ATT&CK mapping, behavioral analytics, Cobalt Strike detection, and threat hunting frameworks.
Cloud Security
AWS CloudTrail, Azure Sentinel, GCP logging. IAM misconfigurations, S3 exposure, cloud IR procedures, and container security.
Network Security
Wireshark/Zeek packet analysis, firewall log triage, DNS anomaly detection, lateral movement tracking, and zero trust architecture.
Malware Analysis
Static and dynamic analysis, sandboxing, PE structure, YARA rules, ransomware classification, and malware family tracking.
Phishing
Email header forensics, BEC detection, credential harvesting, URL detonation, QR code phishing, and AI-generated phishing analysis.
Identity & IAM
AD compromise detection, Kerberoasting, PAM monitoring (CyberArk, Vault), conditional access anomalies, and identity threat detection.
Incident Response
NIST 800-61r2 playbooks, containment strategies, evidence collection, stakeholder communications, and post-incident reviews.
OSINT
Open source intelligence, Shodan/Censys recon, attack surface management, dark web monitoring, and threat actor attribution.
AI Security
LLM prompt injection, AI red teaming, adversarial ML, ChatGPT/Copilot security risks, RAG pipeline attacks, and AI governance frameworks.
Web3 Security
Smart contract auditing, DeFi flash loan exploits, crypto wallet drainer analysis, blockchain forensics, NFT security, and BTC/ETH transaction tracing.
Articles
Articles Coming Soon
30+ expert articles across all 12 domains. Subscribe to @soc_analysts for launch updates.