Blue Team · SOC · DFIR · Threat Hunting
Created by Ahmed Eid

Detect. Hunt.
Respond.

Technical deep-dives for SOC Analysts, Threat Hunters, and Incident Responders. From SIEM queries to malware analysis, built by practitioners, for practitioners.

1 Articles · 8 Topics · Always Free
soc-analyst@blueteam:~$
# Welcome to the Blue Team knowledge base
hunt --mode proactive --framework mitre-attack
[ ✓ ] Threat hunting session initialized
detect --siem sentinel --lang kql
[ ✓ ] Detection rules loaded — 200+ use cases
respond --playbook ir-lifecycle.yml

Blue Team Topics

Deep technical content across all Blue Team disciplines

Connect With Me

Follow along for cybersecurity content, career insights, and Blue Team knowledge

Recent Articles

Fresh content straight from the field

NETWORK PROTOCOLS

Network Protocols

Key protocols every SOC analyst must know — ports, monitoring techniques, and common exploitation patterns

SECURITY MONITORING

Critical Windows Events

The most critical Event IDs for security analysis and threat detection

Table columns: Event ID | Category | Description | Severity | Analyst Notes
NIST SP 800-61R2 | INCIDENT RESPONSE

Incident Response Lifecycle

7 detailed steps built on the NIST SP 800-61r2 framework — with tasks and tools for each phase

INCIDENT RESPONSE PLAYBOOKS

IR Playbooks

Step-by-step response playbooks for the most common incident scenarios — with commands and actions per phase

LOCKHEED MARTIN | CYBER KILL CHAIN

Cyber Kill Chain

7 phases of a cyber attack — attack techniques, SOC analyst role, and MITRE ATT&CK mapping per phase

MITRE ATT&CK FRAMEWORK

MITRE ATT&CK Tactics

14 adversary tactics mapped to real-world techniques — from reconnaissance to impact

SOC OPERATIONS

Alert Triage

Step-by-step checklist for every alert — plus the escalation matrix from L1 to CIRT

CHECKLIST

Triage Checklist

Work through these steps on every alert

ESCALATION MATRIX

Who Handles What

Escalation path by severity and complexity

LOG MANAGEMENT

Log Sources

Critical log sources for every SOC analyst — where to look and what to collect

About the Author

Ahmed Eid

Cyber Security Engineer

Public Cloud Security, Threat Detection & Response