📄️ Security Analysis SOPs
Expert security analysis techniques: malware investigation, reverse engineering, cryptography audits, hash verification, smart-contract audit, cloud forensics, SaaS log forensics, email & BEC forensics, and threat intelligence research.
📄️ AI/ML Vulnerability & Evasion Testing SOP
Complete AI security testing: adversarial attacks, prompt injection, model extraction, LLM vulnerabilities & governance framework for red/blue teams.
📄️ Cloud Forensics SOP
IaaS-plane forensics methodology: AWS CloudTrail / Azure Monitor + Sentinel / GCP Audit Logs collection, IAM principal-action reconstruction, region-sweep, log-tampering detection, container-runtime artifacts (EKS / AKS / GKE), cloud-volume snapshot preservation with hash-chain integrity, and cross-cloud correlation.
📄️ Cryptography Analysis SOP
Crypto security assessment: cipher analysis, encryption audits, key management review & cryptographic vulnerability testing for secure implementations.
📄️ Email & BEC Forensics SOP
Scenario-centric Business Email Compromise forensics: email header forensics (Received-chain reconstruction, Authentication-Results parsing), SPF / DKIM / DMARC / ARC mechanics, lookalike-domain and brand-impersonation detection (IDN homograph, typosquatting, dnstwist patterns, CT-log monitoring), Microsoft 365 Get-MessageTrace and Google Workspace Email Log Search, secure-email-gateway forensics (Mimecast / Proofpoint / Barracuda envelope-vs-header), phishing-kit static analysis (defensive — kit acquisition, telltale strings, AiTM detection), wire-recall pathway (SWIFT MT103 / Fedwire / SEPA recall mechanics, Financial Fraud Kill Chain, FBI IC3 reporting, FinCEN SAR triggers, beneficiary-bank coordination), and BEC scenario taxonomy (CEO fraud, vendor-invoice fraud, payroll-redirect, attorney-impersonation, real-estate / closing-funds, gift-card scam).
📄️ Digital Forensics Investigation SOP
Conduct digital forensics: disk imaging, memory analysis, artifact recovery, timeline creation & chain of custody. Tools: FTK, Autopsy, Volatility.
📄️ Hash Generation Methods for Evidence Integrity
Forensic hashing guide: SHA-256, SHA-3, BLAKE2/3, MD5/SHA-1 deprecation, file integrity verification, chain of custody & cryptographic hashing for digital evidence preservation.
📄️ Malware Analysis SOP
Complete malware analysis guide: static/dynamic analysis, sandbox setup, IOC extraction, YARA rules & threat intelligence for malware investigation.
📄️ Reverse Engineering
Binary reverse engineering: Ghidra, IDA Pro, disassembly, decompilation, debugging & exploit development for security research and CTF challenges.
📄️ SaaS Log Forensics SOP
SaaS-tenant identity and collaboration plane forensics: Microsoft 365 Unified Audit Log + Purview eDiscovery, Google Workspace Admin SDK Reports + Vault, Okta System Log + Identity Threat Protection, Slack Audit Logs + Discovery API, Salesforce Setup Audit Trail + Real-Time Event Monitoring, GitHub / GitLab audit logs, OAuth consent-grant abuse reconstruction, cross-tenant collaboration forensics (Slack Connect / Workspace external sharing / Entra ID B2B), inbox-rule and mailbox-audit forensics, retention-cliff and discovery-export discipline.
📄️ Smart Contract Audit SOP
Smart contract audit lifecycle: threat modeling, defect taxonomy (SWC), vulnerability classes (reentrancy / oracle / MEV / upgrade / governance), tooling (Slither / Echidna / Foundry / Halmos), formal verification (Certora / SMTChecker / K), audit-report structure, remediation verification, and multi-chain coverage.