Windows security investigation analyzing failed authentication attempts using Event Viewer and Event ID 4625.
Updated
Mar 17, 2026
This project required building high-confidence detections in Microsoft Sentinel using KQL, focusing on identity security and reducing false positives. This project targets MFA bypass and correlates signals like impossible travel and abnormal access patterns to detect real-world attacks.
Network traffic investigation using Wireshark to analyze HTTP traffic and identify network communication patterns.
Analysis of APT34 tactics, techniques, and procedures (TTPs) with a focus on detection methods and threat identification.
Network traffic investigation using Wireshark to analyze DNS, TCP, TLS and HTTP traffic.
Investigated suspicious Microsoft 365 sign-in activity using portal triage and containment actions like session revocation and stronger authentication, then validated remediation and practiced structured KQL hunting patterns with Azure Monitor Logs demo data.
Enterprise security lab simulating Active Directory, SIEM, and internal attack scenarios in a virtual environment.
This repository is a structured, research-driven documentation of my journey...
AI-assisted SOC triage pipeline - real AD attack alerts fed through Claude API for automated Tier 1 analysis. Includes analyst dashboard, AI vs manual comparison, and documented hallucination found during failure testing.
Artifact designed to shift the surface of action toward the operational representation of a defensive system. No exploitation, no persistence. Cognitive space as the terrain. What ceases to be observed during qualification is the space in which it operates.