# writesUp

- [Boss Of The Soc V1](https://0xmedhat.gitbook.io/whoami/writesup/boss-of-the-soc-v1.md)
- [Network Hunting with Zeek & Wireshark](https://0xmedhat.gitbook.io/whoami/writesup/network-hunting-with-zeek-and-wireshak.md)
- [Hammered Cyberdefenders](https://0xmedhat.gitbook.io/whoami/writesup/hammered-cyberdefenders.md): Category: Digital Forensics, Log Analysis, Honeypot, Apache2
- [Hacked Cyberdefenders](https://0xmedhat.gitbook.io/whoami/writesup/hacked-cyberdefenders.md): Category: Digital Forensics, Medium, Linux, FTK, Disk
- [HireMe CyberDefenders](https://0xmedhat.gitbook.io/whoami/writesup/hireme-cyberdefenders.md): Karen is a security professional looking for a new job. A company called "TAAUSAI" offered her a position and asked her to complete a couple of tasks to prove her technical competency.
- [Sysinternals cyberdefenders](https://0xmedhat.gitbook.io/whoami/writesup/sysinternals-cyberdefenders.md): Category: Digital Forensics, FTK, Windows, Disk
- [Hunting .Net Malware](https://0xmedhat.gitbook.io/whoami/writesup/hunting-.net-malware.md): To hunt for msbuild execution, focus on Sysmon logs where the image of the process contains "msbuild.exe". Msbuild is being used by attackers to compile and execute code (https://lolbas-project.github
- [Unattended TryHackMe](https://0xmedhat.gitbook.io/whoami/writesup/unattended-tryhackme.md): Use your Windows forensics knowledge to investigate an incident.
- [Disgruntled TryHackMe](https://0xmedhat.gitbook.io/whoami/writesup/disgruntled-tryhackme.md): Use your Linux forensics knowledge to investigate an incident.
- [RDP Cache Forensics](https://0xmedhat.gitbook.io/whoami/writesup/rdp-cache-forensics.md)

