Exploit and Chill

>Slidin' in the DMZ

Blueteaming is actually addicting..

☕ Blue Teams Have all The Fun 💅💅

One of the things I 🥰 LOVE 🥰 about cybersecurity is the thrill of a suspicious alert. Don’t get me wrong, those moments can be terrifying, but I’d be lying if I said the investigation process isn’t addicting.. like a reverse capture the flag 😰😅

There’s a high that comes from diving into the unknown: pivoting off a flagged IP, pulling DNS logs, mapping outbound traffic, or correlating with known threat intel. I’ll dig into endpoint telemetry to identify which process spawned the connection, check for abnormal child processes, review PowerShell or command-line history, and correlate it all with authentication logs – whether on-prem or in Entra.

It’s like building a timeline from raw noise – network logs, OS artifacts, user behavior – and making sense of something that wasn’t supposed to happen. Sometimes it’s benign (okay, 98% of the time it’s benign), but sometimes it’s not, and every alert is a chance to sharpen your skillset and play a game of “catch me if you can?” 💻
