SecOps Analyst / SOC Analyst / Threat Detection Analyst
Password Spray Threat Hunt: RDP Compromise Investigation
Microsoft Defender and Sentinel-style threat hunt that reconstructs a cyber-range Windows VM compromise from password-spray RDP access through execution, persistence, evasion, C2, and attempted exfiltration.
Hiring relevance
The RDP compromise investigation shows the ability to pivot across endpoint telemetry, explain what the evidence supports, and separate confirmed activity from unsupported assumptions.
Problem
RDP access after password spraying needed full endpoint pivots.
Outcome
The report reconstructs the attack path and attempted exfiltration.
Concepts
RDP logon analysis, KQL pivots, ATT&CK mapping, and exfil review.
Tools