This repo provides walkthroughs of the most instructive cyber security investigations I have worked on over my career. The investigations cover a wide range of topics, including malware analysis, network forensics, and incident response.
Each investigation is presented in a structured write-up covering the triggering detection, the key findings, the methodology and tooling used, and the lessons learned. The goal of this repository is to share the knowledge gained from real-world investigations so that others can understand how these threats present themselves and how to respond to them effectively.
Whether you are a seasoned practitioner or just starting out in the field, the write-ups offer practical examples of how an investigation unfolds from the first alert to closure.
The repository is organized by the security tool or activity that triggered each investigation:
- `crowdstrike`: Investigations triggered by CrowdStrike detections
- `carbonblack`: Investigations triggered by Carbon Black detections
- `extrahop`: Investigations triggered by ExtraHop detections
- `zeek`: Investigations triggered by Zeek detections
- `dragos`: Investigations triggered by Dragos detections
- `aws-guardduty`: Investigations triggered by AWS GuardDuty detections
- `ms-defender`: Investigations triggered by Microsoft Defender detections/alerts
- `azure-sentinel`: Investigations triggered by Azure Sentinel detections
- `splunk`: Investigations triggered by Splunk correlation search detections
- `threat-hunting`: Investigations triggered by proactive threat hunting activities
- `user-reports`: Investigations triggered by user-reported suspicious activity
- `phishing`: Investigations triggered by phishing email detections
- `entro`: Investigations triggered by Entro detections (human and/or non-human identity behavior)
- `contrast`: Investigations triggered by Contrast Security detections (application security)
- `cortex-cloud`: Investigations triggered by Cortex Cloud detections (formerly Prisma Cloud)
- Fork the repository
- Create your additions branch (`git checkout -b additions/programV2`)
- Commit your changes (`git commit -m 'Added some new features'`)
- Push to the branch (`git push origin additions/programV2`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
LaMont Session
2026-03-22