Just wrapped up John Strand’s SOC Core Skills course. This was an intensive 4-day training event, with the date above reflecting when I earned the certificate. This is a foundational course for anyone doing defense. I spent a lot of time in the metaCTF.com cloud VMs working through the exercises. Specifically, I gained hands-on experience utilizing John Strand’s IntroLabs GitHub repository, deploying and interacting with critical forensic and threat hunting tools including Velociraptor, DeepBlueCLI, Sysmon, RITA, Wireshark, and TCPDump. I learned how to analyze PCAPs, parse event logs for evil, and do memory forensics with Volatility. It was highly practical and gave me a solid methodology for investigating compromised endpoints.