This repository is a hands-on study aid for specific CySA+ exam domains and a way to strengthen my Windows fundamentals within the security discipline.
Objective: Identify vulnerabilities and misconfigurations.
Repo Value:
- Hardening GPOs, registry keys, and WMI namespaces maps perfectly to vulnerability reduction.
- Sysmon + Event Viewer filters help detect anomalies in local configurations and behaviors.
- Use of PingCastle and ACLScanner shows risk-based asset analysis—exactly what this domain tests.
Objective: Analyze data to identify threats.
Repo Value:
- auditpol, Sysmon, and WEF filters are all core to Windows telemetry collection.
- Custom XML filters and detection logic for event logs show you know what “normal” and “abnormal” look like.
- Your lab examples can become scenario-based walkthroughs: "We detected Event ID 7045 on multiple hosts. Investigation revealed a malicious service
Objective: Determine the nature of incidents and appropriate mitigation.
Repo Value:
- Baseline logs help you define a “known-good” state.
- Registry and service auditing aligns with investigating persistence.
- Tying Sysmon events to MITRE ATT&CK gives structure to how incidents unfold—ideal for report writing or tabletop simulations.
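The Event ID 7045 walkthrough above and the ATT&CK mapping here can be exercised on exported System-log XML. The script below is an added example written for this README, not code from the repo: it parses 7045 (new service installed) records, applies simple triage logic to the ImagePath and StartType fields, and tags an auto-start hit with ATT&CK T1543.003. The two events, the host names and the trusted-path list are constructed assumptions for the demo.

```python
"""Triage Windows System-log Event ID 7045 (new service installed) from exported event XML."""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumed "known-good" locations for a service binary; tune to your baseline.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\public\\", "\\programdata\\")
INTERPRETERS = ("cmd.exe", "powershell", "rundll32", "mshta", "%comspec%")

def parse_7045(xml_text):
    """Return Computer plus every EventData field of one 7045 record as a dict."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "7045":
        raise ValueError("not an Event ID 7045 record")
    rec = {"Computer": root.findtext("e:System/e:Computer", namespaces=NS) or ""}
    for d in root.findall("e:EventData/e:Data", NS):
        rec[d.get("Name", "")] = (d.text or "").strip()
    return rec

def triage(rec):
    """List reasons the new service deserves investigation; empty means it looks routine."""
    # Normalise: lower-case, expand %SystemRoot%, drop the leading quote of a quoted path.
    path = rec.get("ImagePath", "").lower().replace("%systemroot%", "c:\\windows").lstrip('"')
    reasons = []
    if not path.startswith(TRUSTED_PREFIXES):
        reasons.append("binary outside Windows/Program Files")
    if any(tok in path for tok in USER_WRITABLE):
        reasons.append("binary in a user-writable location")
    if any(tok in path for tok in INTERPRETERS):
        reasons.append("service launches an interpreter or LOLBin")
    if reasons and rec.get("StartType", "").lower() == "auto start":
        reasons.append("auto-start persistence (ATT&CK T1543.003)")
    return reasons

def _event(computer, name, image, start="auto start"):
    """Constructed 7045 record in the Windows event XML layout (sample data, not a real log)."""
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="Service Control Manager"/>'
            f'<EventID Qualifiers="16384">7045</EventID><Computer>{computer}</Computer></System>'
            f'<EventData><Data Name="ServiceName">{name}</Data><Data Name="ImagePath">{image}</Data>'
            f'<Data Name="StartType">{start}</Data><Data Name="AccountName">LocalSystem</Data>'
            f'</EventData></Event>')

# Constructed samples: one routine Windows service, one that should be investigated.
SAMPLE_EVENTS = [
    _event("WS01", "Netman", "%SystemRoot%\\System32\\svchost.exe -k LocalSystemNetworkRestricted"),
    _event("WS02", "WinUpdateSvc", "C:\\Users\\Public\\update.exe"),
]
```

Feed it the XML of each 7045 record exported from Event Viewer (or collected via WEF) to turn the "7045 on multiple hosts" scenario into a reproducible lab exercise.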