This repository documents my practical hands-on work from the Summit room on TryHackMe. This lab simulates real-world adversary behavior and challenges you to detect and block malicious actions using defensive tools and strategies.
- Malware sandbox analysis
- Defense building using the Pyramid of Pain framework
- Hash-based detection and mitigation
- Firewall and DNS-based blocking
- Writing Sigma rules for:
  - Registry changes
  - Network anomalies
  - File creation events
- Detection of MITRE ATT&CK TTPs
- Practical blue-team defense escalation techniques
| Challenge | Skill Demonstrated | Tool/Strategy Used |
|---|---|---|
| Sample 1 | Static hash detection | SHA-256 hash block |
| Sample 2 | IP-based network block | Egress firewall rule |
| Sample 3 | Domain filtering | DNS-based blocking |
| Sample 4 | Registry artifact detection | Sigma rule + Sysmon |
| Sample 5 | Network pattern detection | Sigma rule for periodic C2 |
| Sample 6 | File exfil pattern | File creation Sigma rule |
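The Sample 5 idea, spotting a beacon by the regularity of its connections rather than by any single indicator, as an added illustration that is not code from the TryHackMe room or from this writeup. The log format, addresses and timestamps are constructed for the example; the jitter threshold and minimum connection count are assumptions.

```python
"""Flag periodic (beacon-like) outbound connections in a connection log.

Added illustration of periodic C2 detection. Every value below is
constructed for this example, not taken from the TryHackMe Summit room.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <src ip> <dst ip> <bytes sent>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 203.0.113.9 97
2024-01-01T10:00:07 10.0.0.5 198.51.100.20 1450
2024-01-01T10:30:00 10.0.0.5 203.0.113.9 97
2024-01-01T10:41:13 10.0.0.5 198.51.100.20 512
2024-01-01T11:00:01 10.0.0.5 203.0.113.9 97
2024-01-01T11:05:40 10.0.0.5 198.51.100.20 8810
2024-01-01T11:29:59 10.0.0.5 203.0.113.9 97
2024-01-01T12:00:00 10.0.0.5 203.0.113.9 97
"""

def parse_log(text):
    """Yield (src, dst, timestamp, size) tuples from the constructed format."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, size = line.split()
            yield src, dst, datetime.fromisoformat(ts), int(size)

def find_beacons(text, min_connections=4, max_jitter=0.05):
    """Return (src, dst) pairs whose connection intervals are nearly constant.

    Jitter = stdev of the inter-connection gap / mean gap. Human-driven
    traffic is bursty (high jitter); a sleep-loop beacon lands near zero.
    Thresholds are assumed values, not tuned to any real environment.
    """
    times = defaultdict(list)
    for src, dst, ts, _size in parse_log(text):
        times[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if not gaps or mean(gaps) == 0:
            continue  # duplicate timestamps: no usable period
        jitter = pstdev(gaps) / mean(gaps)
        if jitter <= max_jitter:
            hits.append({"src": src, "dst": dst,
                         "period_s": round(mean(gaps)), "jitter": round(jitter, 3)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)  # {'src': '10.0.0.5', 'dst': '203.0.113.9', 'period_s': 1800, 'jitter': 0.001}
```

The same loop also ignores the bursty 198.51.100.20 traffic, which is the point: the rule keys on timing shape, not on an IP or domain the operator can change cheaply.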
I’m continuing to grow as a Blue Team professional and Detection Engineer. Connect with me: https://www.linkedin.com/in/sohn-sayndee-ab3182355/ | thepsalmisst33@gmail.com