# Medhat Fathy

- [Whoami](https://0xmedhat.gitbook.io/whoami/whoami.md)
- [cyber kill chain Arabic](https://0xmedhat.gitbook.io/whoami/cyber-kill-chain-arabic.md)
- [Incident Response Process Arabic](https://0xmedhat.gitbook.io/whoami/incident-response-process-arabic.md)
- [PythonScripts](https://0xmedhat.gitbook.io/whoami/pythonscripts.md)
- [BTL1 Notes](https://0xmedhat.gitbook.io/whoami/btl1-notes.md)
- [Threat Hunting Hypothesis](https://0xmedhat.gitbook.io/whoami/threat-hunting-hypothesis.md)
- [Boss Of The Soc V1](https://0xmedhat.gitbook.io/whoami/writesup/boss-of-the-soc-v1.md)
- [Network Hunting with Zeek & Wireshark](https://0xmedhat.gitbook.io/whoami/writesup/network-hunting-with-zeek-and-wireshak.md)
- [Hammered Cyberdefenders](https://0xmedhat.gitbook.io/whoami/writesup/hammered-cyberdefenders.md): Category: Digital Forensics (Log Analysis, Honeypot, Apache2)
- [Hacked Cyberdefenders](https://0xmedhat.gitbook.io/whoami/writesup/hacked-cyberdefenders.md): Category: Digital Forensics, Medium (Linux, FTK, Disk)
- [HireMe CyberDefenders](https://0xmedhat.gitbook.io/whoami/writesup/hireme-cyberdefenders.md): Karen is a security professional looking for a new job. A company called "TAAUSAI" offered her a position and asked her to complete a couple of tasks to prove her technical competency.
- [Sysinternals cyberdefenders](https://0xmedhat.gitbook.io/whoami/writesup/sysinternals-cyberdefenders.md): Category: Digital Forensics (FTK, Windows, Disk)
- [Hunting .Net Malware](https://0xmedhat.gitbook.io/whoami/writesup/hunting-.net-malware.md): To hunt for MSBuild execution, focus on Sysmon logs where the process image contains "msbuild.exe". MSBuild is used by attackers to compile and execute code (https://lolbas-project.github
- [Unattended TryHackMe](https://0xmedhat.gitbook.io/whoami/writesup/unattended-tryhackme.md): Use your Windows forensics knowledge to investigate an incident.
- [Disgruntled TryHackMe](https://0xmedhat.gitbook.io/whoami/writesup/disgruntled-tryhackme.md): Use your Linux forensics knowledge to investigate an incident.
- [RDP Cache Forensics](https://0xmedhat.gitbook.io/whoami/writesup/rdp-cache-forensics.md)
- [Use Case With elk](https://0xmedhat.gitbook.io/whoami/use-case-with-elk.md): ELK is an open source stack that consists of three applications (Elasticsearch, Logstash and Kibana)
- [Hunting with elk](https://0xmedhat.gitbook.io/whoami/hunting-with-elk.md)
- [hunting with Splunk](https://0xmedhat.gitbook.io/whoami/hunting-with-splunk.md)
- [Digital Forensics](https://0xmedhat.gitbook.io/whoami/digital-forensics.md)
- [SOC Roadmap "Rooms and Challenges zero 2 hero"](https://0xmedhat.gitbook.io/whoami/soc-roadmap-rooms-and-challanges-zero-2-hero.md)
- [SOC Roadmap for Cat Reloaded Team](https://0xmedhat.gitbook.io/whoami/soc-roadmap-for-cat-reloaded-team.md)
- [SOC Interviews](https://0xmedhat.gitbook.io/whoami/soc-interviews.md): hopefully this will be a good guide for you
- [Investigating with Windows Event Logs](https://0xmedhat.gitbook.io/whoami/investigating-with-windows-event-logs.md)
- [Detect AD attacks](https://0xmedhat.gitbook.io/whoami/detect-ad-attacks.md): I will update it from time to time, God willing
- [Hunt Evil](https://0xmedhat.gitbook.io/whoami/hunt-evil.md)
- [cs](https://0xmedhat.gitbook.io/whoami/cs.md)
- [KQL](https://0xmedhat.gitbook.io/whoami/kql.md): will always be updated
- [Hunting with ATP](https://0xmedhat.gitbook.io/whoami/threat-hunting-series/hunting-with-atp.md)
- [Hunting Attacks Using ATP part 2](https://0xmedhat.gitbook.io/whoami/threat-hunting-series/hunting-with-atp/hunting-attacks-using-atp-part-2.md): in progress
- [Hunting Attacks Using ATP part 1](https://0xmedhat.gitbook.io/whoami/threat-hunting-series/hunting-with-atp/hunting-attacks-using-atp-part-1.md): v1 in progress
- [Introduction to Threat Hunting](https://0xmedhat.gitbook.io/whoami/cthpv2-prep/introduction-to-threat-hunting.md)
- [Threat Hunting Terminology](https://0xmedhat.gitbook.io/whoami/cthpv2-prep/threat-hunting-terminology.md)
- [Threat Intelligence](https://0xmedhat.gitbook.io/whoami/cthpv2-prep/threat-intelligence.md)
- [Practical Exercise on threat intelligence](https://0xmedhat.gitbook.io/whoami/cthpv2-prep/practical-exercise-on-threat-intelligence.md)
- [part 1](https://0xmedhat.gitbook.io/whoami/attacks-and-detections/part-1.md): some of SOPs
- [part 2](https://0xmedhat.gitbook.io/whoami/attacks-and-detections/part-2.md): some of SOPs
- [part 3](https://0xmedhat.gitbook.io/whoami/attacks-and-detections/part-3.md)
- [Part 4](https://0xmedhat.gitbook.io/whoami/attacks-and-detections/part-4.md): Some of SOPs
- [Part 5](https://0xmedhat.gitbook.io/whoami/attacks-and-detections/part-5.md): Some
- [Part 6](https://0xmedhat.gitbook.io/whoami/attacks-and-detections/part-6.md): Some of SOPs
- [Part 7](https://0xmedhat.gitbook.io/whoami/attacks-and-detections/part-7.md)
- [Random Notes](https://0xmedhat.gitbook.io/whoami/random-notes.md): anything I searched for during my work; will always be updated
- [Windows forensics Random Notes](https://0xmedhat.gitbook.io/whoami/windows-forensics-random-notes.md): random notes
- [File System Notes](https://0xmedhat.gitbook.io/whoami/file-system-notes.md): random notes
- [Memory forensics Notes](https://0xmedhat.gitbook.io/whoami/memory-forensics-notes.md): random notes
- [working notes](https://0xmedhat.gitbook.io/whoami/working-notes.md)
- [MS SENTINEL](https://0xmedhat.gitbook.io/whoami/working-notes/ms-sentinel.md)
- [MDE Advanced Hunting (KQL)](https://0xmedhat.gitbook.io/whoami/working-notes/mde-advanced-hunting-kql.md)
