Built to showcase my skills as a SOC Analyst and cybersecurity enthusiast, with a focus on threat intelligence, automation, and practical incident response.
git clone https://github.com/Iamfazi1/Portfolio.gitThis portfolio demonstrates hands-on SOC analyst capabilities including threat detection, log analysis, malware investigation, and alert triaging. It features a 60-day SOC challenge with daily real-world use cases, phishing email analysis reports, and the Faizan Email Analyzer—a web application that extracts metadata, validates authentication records (SPF, DKIM, DMARC), and performs phishing risk assessment on .eml and .msg files. Additional tools include a CSV splitter for batch email analysis and malware analysis reports documenting attack vectors and system impacts. Built for cybersecurity professionals, SOC analysts, and hiring managers evaluating blue team expertise.
["Install Sortd for Gmail: Add the Sortd extension to your Chrome browser from the [Chrome Web Store](https://chrome.google.com/webstore/detail/sortd-for-gmail/aohlfneeliakfcefeffppfplagbccbni) and sign in with your Google account.","Set Up Task Templates: In Sortd, create pre-defined task templates for common SOC workflows (e.g., 'Phishing Triage', 'C2 Beaconing Response', 'Malware Analysis'). Include fields for IOCs, MITRE ATT&CK techniques, and containment steps.","Automate Email Sorting: Use Sortd's kanban board to automatically categorize incoming threat emails by severity (Critical/High/Medium/Low) using custom labels or tags. Drag and drop emails into the appropriate column for triage.","Create Tasks from Emails: For each email, right-click and select 'Create Task in Sortd'. Populate the task with the threat summary, IOCs, and recommended actions. Assign the task to the appropriate team member and set a deadline.","Track Progress and Collaborate: Use Sortd's shared boards to track the progress of each task. Add comments, attach files (e.g., screenshots, logs), and update the status (e.g., 'In Progress', 'Awaiting Approval', 'Resolved').","Integrate with Threat Intelligence Tools: Use Sortd's API or Zapier to connect with tools like VirusTotal, AlienVault OTX, or MISP to automatically pull IOCs and enrich tasks with additional context."]
Analyzing phishing emails and validating sender authentication with SPF/DKIM/DMARC checks
Performing daily SOC analyst tasks including threat detection and alert triage
Extracting email metadata and artifacts (sender, receiver, IPs, links) for investigation
Documenting malware behavior and attack vectors for defensive strategies
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/Iamfazi1/PortfolioCopy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Act as a SOC Analyst using Sortd (ai-assistant) to automate and streamline threat intelligence workflows in Gmail. Review the inbox for [THREAT_TYPE] alerts from [SOURCE_DOMAIN] (e.g., phishing, malware, C2 beaconing). Categorize each email by [SEVERITY_LEVEL] (Critical/High/Medium/Low) based on [CRITERIA]. For each alert, create a task in Sortd with: 1) Summary of the threat, 2) Recommended containment steps, 3) Assigned owner, and 4) Deadline for resolution. Include links to relevant IOCs (Indicators of Compromise) and reference MITRE ATT&CK techniques where applicable.
### SOC Analyst Threat Intelligence Workflow - Sample Output **Inbox Review Summary:** Processed 12 new threat intelligence emails from *[email protected]* and *[email protected]* over the past 24 hours. Emails were categorized as follows: - **Critical (3):** Active phishing campaign targeting executive staff with payload delivery via malicious PDFs (SHA256: 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t). - **High (5):** C2 beaconing detected from internal host 192.168.1.45 to known malicious domain *evil-domain[.]xyz* (resolved to 10.20.30.40 via DNS). - **Medium (2):** Suspicious PowerShell command execution attempts in email attachments. - **Low (2):** Informational bulletins about new malware variants (no direct impact to our environment). **Sortd Task Board Creation:** 1. **Task: [CRITICAL] Phishing Campaign - Executive Targeting** - **Owner:** SOC Lead ([email protected]) - **Deadline:** 2023-11-15 18:00 UTC - **Description:** - **Threat Summary:** Active phishing campaign using spoofed emails mimicking internal HR communications. Payload: malicious PDF (SHA256: 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t) hosted on *malicious-site[.]com*. - **IOCs:** - Sender IP: 203.0.113.45 (Tor exit node) - Domain: *hr-payroll-update[.]com* (registered 2023-11-10) - MITRE ATT&CK: T1566.002 (Phishing), T1204.002 (User Execution via Malicious File) - **Containment Steps:** 1. Block sender domain/IP at firewall level. 2. Quarantine all emails with matching subject line. 3. Notify executive staff via internal alert. 4. Update EDR rules to detect the SHA256 hash. - **Links:** [VirusTotal Report](https://www.virustotal.com/gui/file/1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t), [AbuseIPDB Entry](https://www.abuseipdb.com/check/203.0.113.45) 2. **Task: [HIGH] C2 Beaconing - Internal Host Compromise** - **Owner:** Tier 2 Analyst ([email protected]) - **Deadline:** 2023-11-14 12:00 UTC - **Description:** - **Threat Summary:** Internal host 192.168.1.45 (asset tag: WS-2023-0456) beaconing to *evil-domain[.]xyz* (IP: 10.20.30.40) every 5 minutes. Initial detection via Suricata alert ID 12345. - **IOCs:** - Domain: *evil-domain[.]xyz* (first seen: 2023-11-12) - IP: 10.20.30.40 (associated with Cobalt Strike C2 infrastructure) - MITRE ATT&CK: T1071.001 (Application Layer Protocol: Web Protocols), T1571 (Non-Standard Port) - **Containment Steps:** 1. Isolate host 192.168.1.45 from network. 2. Initiate forensic analysis on the host. 3. Check for lateral movement to other hosts in the same subnet (192.168.1.0/24). 4. Review logs for unauthorized access to sensitive data. - **Links:** [AlienVault OTX Pulse](https://otx.alienvault.com/pulse/5f8e3d2c1a2b3c4d), [Shodan C2 Report](https://www.shodan.io/search?query=evil-domain.xyz) 3. **Task: [MEDIUM] Suspicious PowerShell Execution Attempt** - **Owner:** Tier 1 Analyst ([email protected]) - **Deadline:** 2023-11-16 09:00 UTC - **Description:** - **Threat Summary:** Email attachment *invoice_20231113.zip* contained a PowerShell script attempting to execute `Invoke-WebRequest` to download a second-stage payload from *pastebin[.]com/raw/abc123*. - **IOCs:** - Script Hash: SHA256: 987z6y5x4w3v2u1t0s9r8q7p6o5n4m3l2k1j0i - Destination URL: *pastebin[.]com/raw/abc123* - MITRE ATT&CK: T1059.001 (Command and Scripting Interpreter: PowerShell), T1105 (Ingress Tool Transfer) - **Containment Steps:** 1. Block the Pastebin URL at the proxy level. 2. Analyze the PowerShell script in a sandbox (e.g., Hybrid Analysis). 3. Update email gateway rules to flag similar attachments. 4. Notify the end-user who received the email. - **Links:** [Hybrid Analysis Report](https://www.hybrid-analysis.com/sample/987z6y5x4w3v2u1t0s9r8q7p6o5n4m3l2k1j0i), [VirusTotal Analysis](https://www.virustotal.com/gui/file/987z6y5x4w3v2u1t0s9r8q7p6o5n4m3l2k1j0i) **Workflow Efficiency Gains:** - Reduced manual triage time by 60% by automating categorization and task creation. - Improved team collaboration via real-time task assignment and progress tracking in Sortd. - Enhanced visibility into SOC workload with clear deadlines and ownership. - Integrated IOCs and MITRE ATT&CK references for faster incident response. **Next Steps:** - Monitor Sortd task board for completion of containment steps. - Schedule a debrief with the SOC team to review lessons learned from these incidents. - Update threat intelligence feeds with new IOCs for proactive defense.
Automate your browser workflows effortlessly
Get more done every day with Microsoft Teams – powered by AI
Automate security compliance and monitor real-time security posture seamlessly.
Automate your spreadsheet tasks with AI power
Agentic AI Workflow platform
Connected workspace for docs, wikis, and projects
Take a free 3-minute scan and get personalized AI skill recommendations.
Take free scan