SOCJournal examines how security operations actually function—where they fail, why they fail, and what those failures reveal about modern security systems.
Latest Analysis
- T1070.004 – File Deletion (CrowdStrike Detection)
- T1003.002 – Security Account Manager Dumping (CrowdStrike Detection)
- T1003.001 – LSASS Memory Credential Dumping (CrowdStrike Detection)
- T1548.002 – Bypass User Account Control (Microsoft Defender Detection)
- T1562.001 – Disable or Modify Tools (Microsoft Defender Detection)