SOC & Blue Team
- Log analysis
- Alert triage
- Incident investigation
- Wazuh SIEM
- MITRE ATT&CK
- IOC analysis
- Detection logic
Cybersecurity Portfolio
Hi, I'm Ho Quoc Thai
Network Security Student | SOC Analyst in Training | CTF Player
I am a cybersecurity learner focusing on SOC analysis, log investigation, threat detection, and hands-on security labs.
SOC
Alert triage
SIEM
Wazuh labs
CTF
Write-ups
About
Focused on practical security investigation
I am a network security student currently training to become a SOC Analyst. My learning path focuses on analyzing security events, investigating logs, understanding attacker techniques, and building practical detection skills through labs, CTFs, and real-world security scenarios.
I enjoy learning by doing: building labs, solving CTF challenges, writing reports, documenting findings, and improving my ability to investigate security incidents.
Skills
Technical skill areas
Organized around SOC work, operating system fundamentals, security practice, and tools.
Operating Systems
- Windows logs
- Linux logs
- PowerShell basics
- Bash basics
Security Practice
- OSINT
- Digital forensics
- Web security testing
- Basic malware analysis
- CTF problem solving
Tools
- Wazuh
- Burp Suite
- Nmap
- Wireshark
- Sysmon
- Linux CLI
- GitHub
Projects
Hands-on cybersecurity projects
Practical labs and documentation focused on investigation, detection, and evidence-based analysis.
Blue Team Lab
SOC Alert Investigation Lab
A hands-on lab focused on analyzing security alerts, reviewing logs, identifying suspicious behavior, and classifying alerts as false positive or true positive.
Windows Security
Windows Log Analysis with Sysmon
A practical project for collecting and analyzing Windows event logs using Sysmon to detect suspicious PowerShell execution, process creation, and file activity.
Documentation
CTF Write-ups Collection
A collection of CTF write-ups covering web exploitation, forensics, OSINT, reversing basics, and security problem-solving methodology.
Malware Basics
Malware Behavior Analysis Notes
Basic malware analysis notes documenting suspicious behaviors such as persistence, registry modification, command execution, and network indicators.
CTF Write-ups
Challenge notes and solving methodology
Blog-style cards for documenting the problem, evidence, exploitation path, and lessons learned.
File Upload Vulnerability Lab
Difficulty: Easy
Analyzing weak upload validation, identifying execution paths, and documenting controlled exploitation steps.
Read moreWindows Registry Investigation
Difficulty: Medium
Reviewing registry artifacts, deleted traces, persistence indicators, and evidence extraction workflow.
Read morePublic Source Investigation
Difficulty: Easy
Using public metadata, visible clues, and structured search methods without crossing privacy boundaries.
Read moreBasic Binary Analysis
Difficulty: Medium
Reading program behavior, identifying strings, checking file formats, and building a repeatable analysis process.
Read moreSecurity Notes
Short technical references
Concise notes for concepts, commands, detection logic, and investigation workflows.
PowerShell suspicious behavior
WMI Event Subscription
PsExec-like remote execution
Registry persistence
Wazuh decoder and rule writing
MITRE ATT&CK mapping
IOC investigation workflow
Learning Roadmap
Cybersecurity learning path
A practical path toward SOC analysis, detection engineering fundamentals, and stronger portfolio documentation.
Networking fundamentals
Linux and Windows fundamentals
Log analysis and SIEM basics
SOC alert triage
MITRE ATT&CK and threat detection
Digital forensics and malware basics
CTF practice and project documentation
Build a strong SOC Analyst portfolio
Contact
Connect and collaborate
For projects, write-ups, labs, and cybersecurity learning documentation.
GitHub: github.com/yourusername
LinkedIn: linkedin.com/in/yourusername
Email: your.email@example.com
Always learning. Always investigating. Always improving.