SOC IntelHub — IOC Triage Dashboard (VirusTotal + AbuseIPDB + OTX + MITRE Mapping) A portfolio project for SOC analysis, threat enrichment & automated ATT&CK mapping. (Updated Dec 6, 2025 - Python)
This IOC captures a foundational stage in the cyber kill chain: reconnaissance — where the attacker has not yet breached the system, but is actively probing to discover what might be open, unguarded, or improperly exposed.
In this second case study of the structured IOC triage series, we examined a subtle but dangerous host-based compromise involving the abuse of the Windows utility `rundll32.exe` to execute a malicious DLL payload.
This case study demonstrates how a seemingly benign protocol — DNS — can be subverted into a covert exfiltration channel when outbound traffic is tightly restricted.
This case study analyzed a stealthy host-based compromise in which the attacker exploited the trusted Windows binary mshta.exe to execute a remotely hosted, obfuscated JavaScript payload. The attacker’s strategy was notable not for brute force or privilege escalation, but for quiet persistence and clever abuse of native system behavior.
This repository documents real-world forensic triage cases involving the abuse of legitimate Windows binaries—also known as LOLBins—for malicious purposes.
This project focuses on analyzing a phishing email
An attacker deploys an "evil twin" Wi-Fi access point with the same SSID (network name) as a legitimate network. Devices auto-connect based on familiar SSID memory. The attacker silently captures the WPA2/WPA3 four-way handshake as the client connects.
This case study on ARP spoofing via Wi-Fi breach illustrates a classic but frequently underestimated threat vector in network security.
This case study documents an advanced persistence technique involving a scheduled task launching base64-encoded PowerShell, used to execute malicious commands without dropping traditional malware to disk.
This case study analyzed a low-complexity but real-world-relevant example of attacker persistence using the built-in Windows utility schtasks.exe.