Skip to content
View tdt1114's full-sized avatar

Block or report tdt1114

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. detection-engineering-portfolio detection-engineering-portfolio Public

    End-to-end detection engineering portfolio: endpoint telemetry, SIEM platforms, MITRE ATT&CK mapping, and SOC operations

  2. azure-ad-signin-analyzer azure-ad-signin-analyzer Public

    Python tool for analyzing Azure AD sign-in logs to detect brute force and off-hours authentication activity

    Python

  3. hybrid-active-directory-lab hybrid-active-directory-lab Public

    This project documents the deployment of a hybrid Active Directory environment in Microsoft Azure and the operational tasks performed within it.

  4. MITRE-mapping MITRE-mapping Public

    This lab demonstrates the process of analyzing Windows endpoint execution telemetry and mapping observed behavior to the MITRE ATT&CK framework, with a focus on analyst reasoning rather than tooling.

  5. process-network-correlation-lab process-network-correlation-lab Public

    This activity consists of a PowerShell execution followed shortly by DNS resolution and outbound HTTP communication to the same domain.

  6. Windows-Endpoint-Telemetry-II-SOC-Triage Windows-Endpoint-Telemetry-II-SOC-Triage Public

    Extended windows telemetry by validating host-based Sysmon and Event ID 4688 signals and preparing cloud-based SIEM ingestion for SOC-style detection and triage.