POISON ARROW Cameron Pfeil
🚧 WEBSITE UNDER CONSTRUCTION...
Hands-on practice • repeatable workflow

Security Labs & Writeups

A structured archive of lab work and practical investigations. Writeups are sanitized and educational, focused on methodology, tooling, detection/response lessons, and repeatable takeaways.

SOC Triage, Network Analysis, Endpoint Telemetry, SIEM, Threat Hunting

Current focus

What I'm working on right now
TryHackMe Writeups (Sanitized)
Key takeaways, commands, and defensive lessons. The goal is to document repeatable investigation patterns.
THM Investigation Writeups
Building
Elastic Stack: Winlogbeat → Elasticsearch → Kibana
End-to-end log ingestion: Winlogbeat is configured to ship Windows Event Logs into Elasticsearch, with centralized visualization and hunting in Kibana.
Elastic Windows Logs Pipeline
In progress

Categories

How I organize labs
Network
PCAP analysis, tcpdump/Wireshark workflows, and protocol triage.
Net
Endpoint
Windows/Linux telemetry, process trees, persistence, and triage.
EDR
SIEM / Detection
Splunk/Elastic query building, alerts, and investigation timelines.
SIEM
Threat Hunting
Hypothesis-driven hunts, IOCs, and confirmation steps.
Hunt

Recent writeups

Examples
Investigating with Splunk — notes
How I approach alert triage: pivot on key fields, build timelines, and confirm or rule out hypotheses.
PCAP triage workflow
Quick method: identify flows, extract indicators, confirm protocol behavior, and document findings.
Planned
Linux auth log investigation
Brute-force patterns, suspicious sessions, and how to validate with correlated logs.
Planned

Suggest a lab

Ideas welcome

If you have an authorized lab or a learning path you think I should run, send it to me. I'm especially interested in realistic SOC scenarios and detection validation.