Citadel Cybersec
@citadelcysec.bsky.social
Cybersecurity Analyst | SAL1 | BTL1 | Security+ | TryHackMe Top 1% | 💼 Available for Hire
Pinned
"Know thy self, know thy enemy. A thousand battles, a thousand victories."
孫子
孫子
Just published a ShadowTrace walkthrough from TryHackMe, covering malware analysis, IOC extraction, and alert decoding.
#Cybersecurity #MalwareAnalysis #DFIR #TryHackMe #IncidentResponse
#Cybersecurity #MalwareAnalysis #DFIR #TryHackMe #IncidentResponse
TryHackMe ShadowTrace Walkthrough: Malware Analysis and IOC Extraction
Complete writeup with binary analysis, alert decoding, and DFIR techniques
medium.com
February 2, 2026 at 4:44 PM
Just published a ShadowTrace walkthrough from TryHackMe, covering malware analysis, IOC extraction, and alert decoding.
#Cybersecurity #MalwareAnalysis #DFIR #TryHackMe #IncidentResponse
#Cybersecurity #MalwareAnalysis #DFIR #TryHackMe #IncidentResponse
"Know thy self, know thy enemy. A thousand battles, a thousand victories."
孫子
孫子
January 26, 2026 at 8:14 PM
"Know thy self, know thy enemy. A thousand battles, a thousand victories."
孫子
孫子
If you’re preparing for TryHackMe’s Security Analyst Level 1 (SAL1) — this practical study guide breaks down my preparation strategy, what to expect in the theory + hands-on parts, and how to approach real SOC tasks.
#CyberSec #TryHackMe #CareerTips #InfoSec
#CyberSec #TryHackMe #CareerTips #InfoSec
How I Passed TryHackMe’s Security Analyst Level 1 (SAL1): A Practical Study Guide
A breakdown of the SAL1 exam, its SOC scenarios, tools, and how to prepare effectively using TryHackMe
medium.com
January 26, 2026 at 3:41 PM
If you’re preparing for TryHackMe’s Security Analyst Level 1 (SAL1) — this practical study guide breaks down my preparation strategy, what to expect in the theory + hands-on parts, and how to approach real SOC tasks.
#CyberSec #TryHackMe #CareerTips #InfoSec
#CyberSec #TryHackMe #CareerTips #InfoSec
Just published a new writeup on detecting web shells in a compromised WordPress environment using Apache access logs.
Based on the TryHackMe Detecting Web Shells room, this article focuses on practical log analysis and incident response techniques.
#Cybersecurity #BlueTeam #TryHackMe
Based on the TryHackMe Detecting Web Shells room, this article focuses on practical log analysis and incident response techniques.
#Cybersecurity #BlueTeam #TryHackMe
Detecting Web Shells in WordPress Through Apache Log Analysis
A TryHackMe writeup from the “Detecting Web Shells” room — Task 6: Investigation
medium.com
January 21, 2026 at 1:31 PM
Just published a new writeup on detecting web shells in a compromised WordPress environment using Apache access logs.
Based on the TryHackMe Detecting Web Shells room, this article focuses on practical log analysis and incident response techniques.
#Cybersecurity #BlueTeam #TryHackMe
Based on the TryHackMe Detecting Web Shells room, this article focuses on practical log analysis and incident response techniques.
#Cybersecurity #BlueTeam #TryHackMe
New TryHackMe write-up 🔍
Encrypted Protocol Analysis: Decrypting HTTPS
• TLS Client Hello identification
• Decrypting HTTPS with Key Log Files
• HTTP/2 analysis in Wireshark
• Extracting hidden data from PCAPs
Read here:
medium.com/@citadelcybe...
#Cybersecurity #Wireshark #NetworkSecurity
Encrypted Protocol Analysis: Decrypting HTTPS
• TLS Client Hello identification
• Decrypting HTTPS with Key Log Files
• HTTP/2 analysis in Wireshark
• Extracting hidden data from PCAPs
Read here:
medium.com/@citadelcybe...
#Cybersecurity #Wireshark #NetworkSecurity
Wireshark Traffic Analysis: Encrypted Protocol Analysis: Decrypting HTTPS
A TryHackMe Practical Exercise Writeup
medium.com
January 14, 2026 at 4:05 PM
New TryHackMe write-up 🔍
Encrypted Protocol Analysis: Decrypting HTTPS
• TLS Client Hello identification
• Decrypting HTTPS with Key Log Files
• HTTP/2 analysis in Wireshark
• Extracting hidden data from PCAPs
Read here:
medium.com/@citadelcybe...
#Cybersecurity #Wireshark #NetworkSecurity
Encrypted Protocol Analysis: Decrypting HTTPS
• TLS Client Hello identification
• Decrypting HTTPS with Key Log Files
• HTTP/2 analysis in Wireshark
• Extracting hidden data from PCAPs
Read here:
medium.com/@citadelcybe...
#Cybersecurity #Wireshark #NetworkSecurity
"Igitur quī dēsīderat pācem, præparet bellum"
Publius Flavius Vegetius Renatus
The conditions of peace are often preserved by a readiness to make war to defend said peace when the need arises.
Publius Flavius Vegetius Renatus
The conditions of peace are often preserved by a readiness to make war to defend said peace when the need arises.
January 14, 2026 at 4:02 PM
"Igitur quī dēsīderat pācem, præparet bellum"
Publius Flavius Vegetius Renatus
The conditions of peace are often preserved by a readiness to make war to defend said peace when the need arises.
Publius Flavius Vegetius Renatus
The conditions of peace are often preserved by a readiness to make war to defend said peace when the need arises.
In my new article I walk through TryHackMe’s Sysmon Room, Task 10 – Practical Investigations, showing how to analyze real attack scenarios using Sysmon logs, Event Viewer, and PowerShell
👉 Read it here: medium.com/@citadelcybe...
#TryHackMe #Sysmon #IncidentResponse #BlueTeam #IncidentResponse
👉 Read it here: medium.com/@citadelcybe...
#TryHackMe #Sysmon #IncidentResponse #BlueTeam #IncidentResponse
Sysmon Investigation Walkthrough, Using Event Viewer and PowerShell
TryHackMe Sysmon Task 10: Practical Investigations Explained (With PowerShell)
medium.com
January 7, 2026 at 5:58 PM
In my new article I walk through TryHackMe’s Sysmon Room, Task 10 – Practical Investigations, showing how to analyze real attack scenarios using Sysmon logs, Event Viewer, and PowerShell
👉 Read it here: medium.com/@citadelcybe...
#TryHackMe #Sysmon #IncidentResponse #BlueTeam #IncidentResponse
👉 Read it here: medium.com/@citadelcybe...
#TryHackMe #Sysmon #IncidentResponse #BlueTeam #IncidentResponse
🔍 Ever wondered how to analyze HTTP traffic in Wireshark? Check out my latest TryHackMe writeup where I break down the steps and techniques for better network security insights!
medium.com/@citadelcybe...
#Cybersecurity #Wireshark #networksecurity
medium.com/@citadelcybe...
#Cybersecurity #Wireshark #networksecurity
Wireshark Traffic Analysis: HTTP Cleartext Protocol Analysis
A TryHackMe Practical Exercise Writeup
medium.com
December 30, 2025 at 6:22 PM
🔍 Ever wondered how to analyze HTTP traffic in Wireshark? Check out my latest TryHackMe writeup where I break down the steps and techniques for better network security insights!
medium.com/@citadelcybe...
#Cybersecurity #Wireshark #networksecurity
medium.com/@citadelcybe...
#Cybersecurity #Wireshark #networksecurity
I’ve just published a deep dive into my experience with Advent of Cyber 🖥️🎄. If you're passionate about cybersecurity or just looking to learn more about this awesome event, my comprehensive review breaks it all down.
#CyberSecurity #AdventOfCyber #TechCommunity #Infosec #TryHackMe
#CyberSecurity #AdventOfCyber #TechCommunity #Infosec #TryHackMe
My First Advent of Cyber: A Comprehensive Review
As this was my first time participating in Advent of Cyber, I must say I’m quite impressed. While it is described as beginner-friendly, it…
medium.com
December 25, 2025 at 12:20 PM
I’ve just published a deep dive into my experience with Advent of Cyber 🖥️🎄. If you're passionate about cybersecurity or just looking to learn more about this awesome event, my comprehensive review breaks it all down.
#CyberSecurity #AdventOfCyber #TechCommunity #Infosec #TryHackMe
#CyberSecurity #AdventOfCyber #TechCommunity #Infosec #TryHackMe
How can Splunk SIEM be used to detect and analyze a DDoS attack? Check my writeup:
• Identifying malicious URIs
• Detecting botnet traffic
• Analyzing user agents
• Visualizing attack peaks with timechart
#Cybersecurity #Splunk #SIEM #DDoS #TryHackMe
• Identifying malicious URIs
• Detecting botnet traffic
• Analyzing user agents
• Visualizing attack peaks with timechart
#Cybersecurity #Splunk #SIEM #DDoS #TryHackMe
Leveraging Splunk SIEM to Detect DoS Attacks
TryHackMe Detecting Web DDoS Room, Task 5 Practical Exercise
medium.com
December 24, 2025 at 4:39 PM
How can Splunk SIEM be used to detect and analyze a DDoS attack? Check my writeup:
• Identifying malicious URIs
• Detecting botnet traffic
• Analyzing user agents
• Visualizing attack peaks with timechart
#Cybersecurity #Splunk #SIEM #DDoS #TryHackMe
• Identifying malicious URIs
• Detecting botnet traffic
• Analyzing user agents
• Visualizing attack peaks with timechart
#Cybersecurity #Splunk #SIEM #DDoS #TryHackMe
🔍 New write-up: Detecting ICMP & DNS tunneling and analyzing FTP cleartext attacks using Wireshark.
Step-by-step investigation of real PCAPs, filters, and attacker behavior
#Cybersecurity #Wireshark #BlueTeam #NetworkSecurity #ThreatDetection
Step-by-step investigation of real PCAPs, filters, and attacker behavior
#Cybersecurity #Wireshark #BlueTeam #NetworkSecurity #ThreatDetection
Wireshark Traffic Analysis: DNS and ICMP Traffic Tunneling & FTP Cleartext Protocol Analysis
A TryHackMe Practical Exercise Writeup
medium.com
December 22, 2025 at 5:36 PM
🔍 New write-up: Detecting ICMP & DNS tunneling and analyzing FTP cleartext attacks using Wireshark.
Step-by-step investigation of real PCAPs, filters, and attacker behavior
#Cybersecurity #Wireshark #BlueTeam #NetworkSecurity #ThreatDetection
Step-by-step investigation of real PCAPs, filters, and attacker behavior
#Cybersecurity #Wireshark #BlueTeam #NetworkSecurity #ThreatDetection
"The more the storm, the more the strength."
Douglas Malloch
Douglas Malloch
December 22, 2025 at 5:26 PM
"The more the storm, the more the strength."
Douglas Malloch
Douglas Malloch
Just published! A new Medium deep-dive on using Splunk and perimeter logs to reconstruct an attack from start to finish. If you want to strengthen your incident response skills, this breakdown has everything.
#CyberSecurity #Splunk #IncidentResponse #DFIR #NetworkSecurity
#CyberSecurity #Splunk #IncidentResponse #DFIR #NetworkSecurity
Splunk Incident Response: Reconstructing an Attack Using Perimeter Logs
TryHackMe — Network Security Essentials (Task 7 Practical Exercise)
medium.com
December 10, 2025 at 4:59 PM
Just published! A new Medium deep-dive on using Splunk and perimeter logs to reconstruct an attack from start to finish. If you want to strengthen your incident response skills, this breakdown has everything.
#CyberSecurity #Splunk #IncidentResponse #DFIR #NetworkSecurity
#CyberSecurity #Splunk #IncidentResponse #DFIR #NetworkSecurity
Just published a new Medium article on Wireshark Traffic Analysis!
Struggling to identify hosts or decode network behavior? I break down DHCP, NetBIOS, and Kerberos traffic with clear examples to level up your packet analysis skills. 👇
#Wireshark #CyberSecurity #NetworkSecurity
Struggling to identify hosts or decode network behavior? I break down DHCP, NetBIOS, and Kerberos traffic with clear examples to level up your packet analysis skills. 👇
#Wireshark #CyberSecurity #NetworkSecurity
Wireshark Traffic Analysis: Identifying Hosts: DHCP, NetBIOS and Kerberos
A TryHackMe Practical Exercise Writeup
medium.com
December 10, 2025 at 4:56 PM
Just published a new Medium article on Wireshark Traffic Analysis!
Struggling to identify hosts or decode network behavior? I break down DHCP, NetBIOS, and Kerberos traffic with clear examples to level up your packet analysis skills. 👇
#Wireshark #CyberSecurity #NetworkSecurity
Struggling to identify hosts or decode network behavior? I break down DHCP, NetBIOS, and Kerberos traffic with clear examples to level up your packet analysis skills. 👇
#Wireshark #CyberSecurity #NetworkSecurity
New TryHackMe write‑up!
Wireshark Traffic Analysis: ARP Poisoning and MITM.
If you're into network forensics or enjoy dissecting hostile traffic, you’ll appreciate this one.
#Wireshark #ARP #MITM
Wireshark Traffic Analysis: ARP Poisoning and MITM.
If you're into network forensics or enjoy dissecting hostile traffic, you’ll appreciate this one.
#Wireshark #ARP #MITM
Wireshark Traffic Analysis: ARP Poisoning & Man In The Middle
A TryHackMe Practical Exercise Writeup
medium.com
December 4, 2025 at 11:38 AM
New TryHackMe write‑up!
Wireshark Traffic Analysis: ARP Poisoning and MITM.
If you're into network forensics or enjoy dissecting hostile traffic, you’ll appreciate this one.
#Wireshark #ARP #MITM
Wireshark Traffic Analysis: ARP Poisoning and MITM.
If you're into network forensics or enjoy dissecting hostile traffic, you’ll appreciate this one.
#Wireshark #ARP #MITM
Check out my latest article on using Brim for threat hunting! From investigating CobaltStrike to detecting crypto mining—learn how to efficiently analyze network traffic and respond to real-world threats.
#Cybersecurity #ThreatHunting #Brim
#Cybersecurity #ThreatHunting #Brim
Searching, Filtering, and Correlation: Threat Hunting with Brim
TryHackMe Brim Room Write-up
medium.com
December 4, 2025 at 11:15 AM
Check out my latest article on using Brim for threat hunting! From investigating CobaltStrike to detecting crypto mining—learn how to efficiently analyze network traffic and respond to real-world threats.
#Cybersecurity #ThreatHunting #Brim
#Cybersecurity #ThreatHunting #Brim
I have recently published my latest writeup:
"Cloud-based Threat Detection with Splunk"
Check how I Solved Rotten Cloud Investigation in Blue Team Labs Online (Halloween 2025 Special Event)👇
#BTLO #Splunk #ThreatDetection
"Cloud-based Threat Detection with Splunk"
Check how I Solved Rotten Cloud Investigation in Blue Team Labs Online (Halloween 2025 Special Event)👇
#BTLO #Splunk #ThreatDetection
Cloud-based Threat Detection with Splunk
Solving Rotten Cloud Investigation — Blue Team Labs Online (Halloween 2025 Special Event)
medium.com
November 27, 2025 at 11:54 AM
I have recently published my latest writeup:
"Cloud-based Threat Detection with Splunk"
Check how I Solved Rotten Cloud Investigation in Blue Team Labs Online (Halloween 2025 Special Event)👇
#BTLO #Splunk #ThreatDetection
"Cloud-based Threat Detection with Splunk"
Check how I Solved Rotten Cloud Investigation in Blue Team Labs Online (Halloween 2025 Special Event)👇
#BTLO #Splunk #ThreatDetection
In my new article I break down how to analyze Nmap scans using Wireshark, with clear examples and packet insights.
Check it out 👉 medium.com/@citadelcybe...
#Cybersecurity #NetworkAnalysis #Wireshark
Check it out 👉 medium.com/@citadelcybe...
#Cybersecurity #NetworkAnalysis #Wireshark
Wireshark Traffic Analysis: Nmap Scans
Investigating a .pcap file to analyze a suspected Nmap scan using Wireshark. A practical TryHackMe exercise.
medium.com
November 24, 2025 at 3:33 PM
In my new article I break down how to analyze Nmap scans using Wireshark, with clear examples and packet insights.
Check it out 👉 medium.com/@citadelcybe...
#Cybersecurity #NetworkAnalysis #Wireshark
Check it out 👉 medium.com/@citadelcybe...
#Cybersecurity #NetworkAnalysis #Wireshark
A good refresher of what I learnt in CompTIA Security+ concerning Web Application Security, and including some cool practical exercises.
#TryHackMe #OWASP #cybersecurity
#TryHackMe #OWASP #cybersecurity
November 24, 2025 at 3:09 PM
A good refresher of what I learnt in CompTIA Security+ concerning Web Application Security, and including some cool practical exercises.
#TryHackMe #OWASP #cybersecurity
#TryHackMe #OWASP #cybersecurity
Investigating a vast, malicious email & URL phishing campaign! This is how attackers are targeting individuals & organizations.
Learn the techniques they use to bypass security measures👇
#Phishing #DFIR #Cybersecurity
Learn the techniques they use to bypass security measures👇
#Phishing #DFIR #Cybersecurity
Exposing a Vast Phishing Campaign by Probing Malicious Emails and URLs
TryHackMe Snapped Phish-ing Line Room Write‑Up
medium.com
November 21, 2025 at 12:01 PM
Investigating a vast, malicious email & URL phishing campaign! This is how attackers are targeting individuals & organizations.
Learn the techniques they use to bypass security measures👇
#Phishing #DFIR #Cybersecurity
Learn the techniques they use to bypass security measures👇
#Phishing #DFIR #Cybersecurity
How the Elastic Stack (ELK) can supercharge your SOC log investigations? 🔍
Check my detailed THM writeup on using #ElasticSearch for SIEM analysis & incident response!
#Cybersecurity #SOC #ElasticStack
Check my detailed THM writeup on using #ElasticSearch for SIEM analysis & incident response!
#Cybersecurity #SOC #ElasticStack
Elastic Stack (ELK) for SOC Log Investigations
TryHackMe Elastic Stack: The Basics, Tasks 4 and 5 Writeup
medium.com
November 17, 2025 at 6:09 PM
How the Elastic Stack (ELK) can supercharge your SOC log investigations? 🔍
Check my detailed THM writeup on using #ElasticSearch for SIEM analysis & incident response!
#Cybersecurity #SOC #ElasticStack
Check my detailed THM writeup on using #ElasticSearch for SIEM analysis & incident response!
#Cybersecurity #SOC #ElasticStack
November 17, 2025 at 6:02 PM
I uncover data hidden in network traffic, from identifying device information to analyzing anomalous behaviors in my new write-up “Network Forensics with NetworkMiner”.
#CyberSecurity #NetworkForensics #DFIR #PCAP #NetworkMiner
#CyberSecurity #NetworkForensics #DFIR #PCAP #NetworkMiner
Network Forensics with NetworkMiner
Investigating PCAP files in TryHackMe’s NetworkMiner Room: Tool Overview 2
medium.com
November 14, 2025 at 6:01 PM
I uncover data hidden in network traffic, from identifying device information to analyzing anomalous behaviors in my new write-up “Network Forensics with NetworkMiner”.
#CyberSecurity #NetworkForensics #DFIR #PCAP #NetworkMiner
#CyberSecurity #NetworkForensics #DFIR #PCAP #NetworkMiner
How the new TryHackMe approaches the SOC Level 1 path to the real world Security Analyst role: From lots of general tooling to specific SIEM and detection!
#TryHackMe #SOC #BlueTeam
#TryHackMe #SOC #BlueTeam
The new TryHackMe SOC Level 1 Path
Now getting ready for the job got even better
medium.com
November 12, 2025 at 10:58 AM
How the new TryHackMe approaches the SOC Level 1 path to the real world Security Analyst role: From lots of general tooling to specific SIEM and detection!
#TryHackMe #SOC #BlueTeam
#TryHackMe #SOC #BlueTeam
TryHackMe’s Live Attacks challenge plus Snort → hands-on IDS rule writing and real-time detection. I walked the labs and share the exact rules I used.
#TryHackMe #IDS #Snort
#TryHackMe #IDS #Snort
Mastering Snort: Stopping Real-Time Attacks from the TryHackMe “Live Attacks” Challenge
Learn how to detect and block brute-force and reverse shell attacks using Snort IDS/IPS — step-by-step, hands-on, and beginner-friendly.
medium.com
November 12, 2025 at 10:56 AM
TryHackMe’s Live Attacks challenge plus Snort → hands-on IDS rule writing and real-time detection. I walked the labs and share the exact rules I used.
#TryHackMe #IDS #Snort
#TryHackMe #IDS #Snort