POISON ARROW Cameron Pfeil
Hands-on practice • repeatable workflow

Security Labs & Writeups

A structured archive of lab work and practical investigations. Writeups are sanitized and educational, focused on methodology, tooling, detection/response lessons, and repeatable takeaways.

SOC Triage | Network Analysis | Endpoint Telemetry | SIEM | Threat Hunting

Current focus

What I'm working on right now
Threat Intelligence Lab: MISP Containerization
Deployed a localized Malware Information Sharing Platform (MISP) via Docker Compose on an Ubuntu Core VM. Configured system resource scaling to support heavy multi-threaded expansion modules and resolved container network routing loops.
Threat Intel | Docker | Ubuntu Core | DevSecOps
Completed
Elastic Stack: Winlogbeat → Elasticsearch → Kibana
End-to-end log ingestion: configured Winlogbeat to ship Windows Event Logs into Elasticsearch, with centralized visualization and hunting in Kibana.
Elastic | Windows Logs | Pipeline
In progress

Categories

How I organize labs
Network
PCAP analysis, tcpdump/Wireshark workflows, and protocol triage.
Net
Endpoint
Windows/Linux telemetry, process trees, persistence, and triage.
EDR
SIEM / Detection
Splunk/Elastic query building, alerts, and investigation timelines.
SIEM
Threat Hunting
Hypothesis-driven hunts, IOCs, and confirmation steps.
Hunt

Recent writeups

Examples (add links as you publish)
Investigating with Splunk — notes
How I approach alert triage, pivot fields, build timelines, and confirm/deny hypotheses.
Planned
Threat Intelligence Lab: MISP Containerization
A full technical blueprint detailing the deployment, resource optimization, and configuration troubleshooting required to host an open-source threat intel platform using Docker Compose.
Completed

Suggest a lab

Ideas welcome

If you have an authorized lab or a learning path you think I should run, send it to me. I'm especially interested in realistic SOC scenarios and detection validation.