{"id":10,"date":"2023-01-24T07:56:05","date_gmt":"2023-01-24T07:56:05","guid":{"rendered":"https:\/\/victorcoil.tech\/?page_id=10"},"modified":"2026-06-18T22:57:58","modified_gmt":"2026-06-18T22:57:58","slug":"tryhackme-writeups","status":"publish","type":"page","link":"https:\/\/victorcoil.tech\/?page_id=10","title":{"rendered":"SOC Investigation Note Samples"},"content":{"rendered":"\n

These notes are intended to show my thought process, methodology, and note-taking approach. The alerts will come from platforms like LetsDefend, KC7, and Splunk BoTC.<\/p>\n\n\n\n

These notes will span from early 2024 to the present, and you will see the methodology evolve. Earlier notes focused on artifact collection and closure, while later ones reflect a more structured timeline approach and incorporate advice from working SMEs and practitioners.<\/p>\n\n\n\n

For Let’sDefend notes, there will be tags for T1\/T2 or for Security Analyst\/Incident Responder. These tags indicate which cases I handle with basic triage (T1) or with deep-dive, comprehensive investigations (T2).<\/p>\n\n\n\n

\n
\n
\n
\n
\n
\n

LetsDefend Event ID 278<\/a><\/h2>\n\n\n\n

Tags: Suspicious Base64 Encoding\/Decoding Commands Detected, Incident Responder\/T2

Investigation Date: 2\/11\/2026<\/p>\n<\/div>\n\n\n\n

\n

<\/h2>\n\n\n\n

<\/p>\n<\/div>\n\n\n\n

\n

<\/h2>\n\n\n\n

<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

These notes are intended to show my thought process, methodology, and note-taking approach. The alerts will come from platforms like LetsDefend, KC7, and Splunk BoTC. These notes will span from early 2024 to the present, and you will see the methodology evolve. Earlier notes focused on artifact collection and closure, while later ones reflect a more structured timeline approach and incorporate advice from working SMEs and practitioners. For Let’sDefend notes, there will be tags for T1\/T2 or for Security Analyst\/Incident Responder. These tags indicate which cases I handle with basic triage (T1) or with deep-dive, comprehensive investigations (T2). LetsDefend Event<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"class_list":["post-10","page","type-page","status-publish","hentry"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t