Splunk + Sysmon correlation rules built to detect multi-stage attack patterns. Identified process injection via unusual parent-child process relationships, registry-based persistence mechanisms, and lateral movement indicators across Windows Event Logs.
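The three detection ideas above (unexpected parent-child process pairs, Run-key persistence, and a network-connection/logon/service-spawn chain across hosts) are shown below as an added example that is not part of the original case study. It reimplements the rule logic in Python over a handful of constructed Sysmon (Event IDs 1, 3, 13) and Windows Security (4624) records instead of SPL, so it runs offline; hostnames, users, paths and the 60-second correlation window are assumptions, and the Splunk versions of these rules would join on the same host and timestamp fields.

```python
"""Three Sysmon/Windows-log correlation rules over constructed sample events.

EVENTS below are hand-built samples (not real telemetry) shaped like the fields
Sysmon and the Security log expose once Splunk has parsed them. Hostnames,
users, paths and timestamps are placeholders chosen for the example.
"""
from datetime import datetime, timedelta

EVENTS = [
    # Office document spawning a shell on WKSTN-01 (Sysmon ID 1, process create)
    {"ts": "2024-01-15T09:00:01", "host": "WKSTN-01", "EventID": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "User": "CORP\\alice"},
    # Run-key value written in the user hive (Sysmon ID 13, registry value set)
    {"ts": "2024-01-15T09:00:05", "host": "WKSTN-01", "EventID": 13,
     "TargetObject": "HKU\\S-1-5-21-PLACEHOLDER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\alice\\AppData\\Roaming\\updater.exe", "User": "CORP\\alice"},
    # SMB connection from WKSTN-01 to SRV-FILE-01 (Sysmon ID 3, network connect)
    {"ts": "2024-01-15T09:02:10", "host": "WKSTN-01", "EventID": 3,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "SourceHostname": "WKSTN-01", "DestinationHostname": "SRV-FILE-01",
     "DestinationPort": 445, "User": "CORP\\alice"},
    # Network logon on the target naming the source workstation (Security 4624)
    {"ts": "2024-01-15T09:02:12", "host": "SRV-FILE-01", "EventID": 4624,
     "LogonType": 3, "WorkstationName": "WKSTN-01", "TargetUserName": "alice"},
    # New binary started by the Service Control Manager on the target (Sysmon ID 1)
    {"ts": "2024-01-15T09:02:20", "host": "SRV-FILE-01", "EventID": 1,
     "Image": "C:\\Windows\\Temp\\svc.exe",
     "ParentImage": "C:\\Windows\\System32\\services.exe", "User": "NT AUTHORITY\\SYSTEM"},
    # Benign noise that the rules must not flag
    {"ts": "2024-01-15T09:05:00", "host": "WKSTN-02", "EventID": 1,
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\bob"},
    {"ts": "2024-01-15T09:06:00", "host": "WKSTN-02", "EventID": 13,
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
     "Details": "explorer.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"ts": "2024-01-15T09:07:00", "host": "WKSTN-02", "EventID": 3,
     "Image": "C:\\Windows\\explorer.exe",
     "SourceHostname": "WKSTN-02", "DestinationHostname": "SRV-FILE-01",
     "DestinationPort": 445, "User": "CORP\\bob"},
]


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for case-insensitive matching."""
    return path.rsplit("\\", 1)[-1].lower()


def ts(event: dict) -> datetime:
    return datetime.fromisoformat(event["ts"])


# Rule 1: document-handling parents should never spawn script hosts or shells.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "rundll32.exe"}


def detect_suspicious_parent_child(events: list) -> list:
    hits = []
    for e in events:
        if e["EventID"] != 1:
            continue
        parent, child = basename(e["ParentImage"]), basename(e["Image"])
        if parent in DOCUMENT_PARENTS and child in SHELL_CHILDREN:
            hits.append((e["host"], parent, child))
    return hits


# Rule 2: any value written under a Run / RunOnce key (HKLM or per-user hive).
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def detect_run_key_persistence(events: list) -> list:
    return [(e["host"], e["TargetObject"], e["Details"]) for e in events
            if e["EventID"] == 13
            and any(m in e["TargetObject"].lower() for m in RUN_KEY_MARKERS)]


# Rule 3: admin-port connection A->B, then a type-3 logon on B from A, then a
# process started by services.exe on B, all inside one correlation window.
ADMIN_PORTS = {445, 135, 5985, 5986}


def detect_lateral_movement(events: list, window: timedelta = timedelta(seconds=60)) -> list:
    chains = []
    for net in events:
        if net["EventID"] != 3 or net["DestinationPort"] not in ADMIN_PORTS:
            continue
        src, dst, t0 = net["SourceHostname"], net["DestinationHostname"], ts(net)
        in_window = lambda e: t0 <= ts(e) <= t0 + window
        logons = [e for e in events if e["EventID"] == 4624 and e["host"] == dst
                  and e["LogonType"] == 3 and e["WorkstationName"] == src and in_window(e)]
        spawns = [e for e in events if e["EventID"] == 1 and e["host"] == dst
                  and basename(e["ParentImage"]) == "services.exe" and in_window(e)]
        if logons and spawns:
            chains.append((src, dst, basename(spawns[0]["Image"])))
    return chains


def run_all(events: list) -> dict:
    """Run every rule and return its hits keyed by rule name."""
    return {"parent_child": detect_suspicious_parent_child(events),
            "run_key_persistence": detect_run_key_persistence(events),
            "lateral_movement": detect_lateral_movement(events)}


if __name__ == "__main__":
    for rule, hits in run_all(EVENTS).items():
        print(rule, hits)
```

Rule 3 is the one that benefits most from correlation rather than a single-event match: a lone SMB connection or a lone type-3 logon is routine on a file server, and it is the ordered triple on the same destination host within a short window that separates the chain from the benign WKSTN-02 connection in the sample.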
This case study is being written up with full scenario documentation, investigation timeline, IOC table, detection strategy, and conclusion. Check back soon or contact me directly to discuss this investigation.