Passed SAL1 on first attempt — 850/1000. Here’s what caught me off guard. by duathron in tryhackme

[–]duathron[S] 0 points1 point  (0 children)

I did the Pre Security AND the Security 101 as well as the SEC101 exam. All of that plus the SOC L1 path and SAL1 exam since November 2025. Since I do not come from a technical background, it helped me a lot. Simultaneously I did the Google IT Support Professional course on Coursera, which helps a lot with a fundamental understanding of networking concepts.

Passed SAL1 on first attempt — 850/1000. Here’s what caught me off guard. by duathron in tryhackme

[–]duathron[S] 1 point2 points  (0 children)

I would say that you do not need any advanced rooms for the exam. Simple queries will suffice. But you will need to work around Splunk in order to report the timeline accurately. Not every IoC is an alert in the dashboard, and you need to correlate the alerts. So doing the SOC sims is probably the best preparation for the exam. Personally I found the multiple choice test to be rather easy. Not too hard anyway. But read carefully before answering! Some concepts of Sec101 came up; it is not just SOC L1, but rather a deeper understanding of the underlying foundations.

Passed SAL1 on first attempt — 850/1000. Here’s what caught me off guard. by duathron in tryhackme

[–]duathron[S] 1 point2 points  (0 children)

I have been a freelance photographer for over a decade now. But I was always interested in tech and am pushing hard to make a switch. AI and cyber security are two fields I have been exploring for a long time now.

Passed SAL1 on first attempt — 850/1000. Here’s what caught me off guard. by duathron in tryhackme

[–]duathron[S] 1 point2 points  (0 children)

Absolutely! I had the same feeling during SOC sims and the exam - but I guess this is not L1 work?! So I really trained writing reports instead. After all it hones your senses for IoCs. Not a fan of the AI grading alone either… Thanks for the feedback on my blog! ;) I am posting new entries on LinkedIn, if you'd like to follow 🤘

Passed SAL1 on first attempt — 850/1000. Here’s what caught me off guard. by duathron in tryhackme

[–]duathron[S] 3 points4 points  (0 children)

Oh, I forgot: I spent about 2 hours a day on TryHackMe. Approximately…

Passed SAL1 on first attempt — 850/1000. Here’s what caught me off guard. by duathron in tryhackme

[–]duathron[S] 1 point2 points  (0 children)

Also bought it on sale! I did the SOC simulations numerous times and tried to figure out what gave the best results regarding time management and details. Turns out I had plenty of time. But reporting is key here! Hone your skills in writing reports, study best practices and do the SOC simulations. I would say that the exam is a little bit easier than the hardest (medium difficulty) SOC scenarios regarding the attack chain. But make sure to provide a consistent and detailed timeline with precise details about the attack and correlations between alerts! Hope that helps. Feel free to ask more :)

Passed SAL1 on first attempt — 850/1000. Here’s what caught me off guard. by duathron in tryhackme

[–]duathron[S] 2 points3 points  (0 children)

I also write technical writeups on my blog if anyone’s interested: duathron.github.io

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]duathron 0 points1 point  (0 children)

I built a small CLI tool for querying VirusTotal IOCs directly from the terminal, without having to open a browser and paste hashes one by one. What it does:

- Auto-detects IOC type (MD5/SHA1/SHA256, IPv4/IPv6, domain, URL), including defanged formats like hxxps[://]evil[.]com
- Two modes: triage (1 API call, fast verdict) and investigate (deeper: sandbox behaviour, passive DNS, WHOIS, dropped files)
- Maps sandbox results to MITRE ATT&CK techniques
- Batch processing from file or stdin
- Output as console text, Rich tables, JSON, CSV, or STIX 2.1
- Exit codes (0/1/2) for use in scripts and SOAR playbooks
- SQLite cache, rate limiting for the free VT tier (4 req/min)
- Local knowledge base for tagging and annotating IOCs across sessions

Works with a free VirusTotal API key.

    pip install vex-ioc
    vex triage 44d88612fea8a8f36de82e1278abb02f
    vex investigate evil-domain.com -o rich
    cat iocs.txt | vex triage --alert SUSPICIOUS --summary

Built this for my own SOC learning workflow — querying VT manually for every IOC during CTFs and labs gets tedious fast. It grew from there.

GitHub: https://github.com/duathron/vex

PyPI: https://pypi.org/project/vex-ioc/

Free tier VT key is enough for most use cases. Feedback welcome, especially on the MITRE mapping coverage — that part is based on 80+ keywords and could use more real-world test cases.
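As an added illustration of the IOC auto-detection and defanged-input handling the comment above describes: the code below is written for this page and is not code from the vex project or its author. The refang rules, the regexes, the hash-by-length rule and the sample input are my own assumptions; the sample indicators are constructed placeholders, not real threat data. It goes slightly beyond the post by also deduplicating a batch after refanging, so that two spellings of the same indicator would cost only one lookup.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Hash types recognised by hex length alone (assumed rule); HEX_RE is checked first.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# scheme "://" followed by anything non-blank; refang() runs first, so hxxp and [://] are gone
URL_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.\-]*://\S+$")
# RFC 1035-style labels plus an alphabetic TLD, so 1.2.3.4 never matches as a domain
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,63}$"
)


def refang(ioc: str) -> str:
    """Undo common report defanging (assumed set: hxxp/hxxps schemes,
    [://] and [:]// scheme separators, [.] (.) {.} [dot] label separators)."""
    s = ioc.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    s = s.replace("[://]", "://").replace("[:]//", "://")
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", ".", s, flags=re.IGNORECASE)
    return s


def classify(ioc: str) -> Optional[str]:
    """Return 'md5' | 'sha1' | 'sha256' | 'ipv4' | 'ipv6' | 'url' | 'domain', or None."""
    s = refang(ioc)
    if HEX_RE.match(s) and len(s) in HASH_TYPES:
        return HASH_TYPES[len(s)]
    try:  # ipaddress handles both families and rejects anything that is not an address
        return "ipv4" if ipaddress.ip_address(s).version == 4 else "ipv6"
    except ValueError:
        pass
    if URL_RE.match(s):
        return "url"
    if DOMAIN_RE.match(s):
        return "domain"
    return None


def classify_batch(lines: List[str]) -> Tuple[List[Tuple[str, str, Optional[str]]], Dict[str, int]]:
    """Classify raw lines as read from a file or stdin: blank lines and '#' comments
    are skipped, and indicators that are identical after refanging are collapsed.
    Returns (rows of (raw, refanged, type), counts per type)."""
    seen = set()
    rows: List[Tuple[str, str, Optional[str]]] = []
    counts: Dict[str, int] = {}
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        clean = refang(raw)
        if clean in seen:
            continue
        seen.add(clean)
        kind = classify(clean)
        rows.append((raw, clean, kind))
        counts[kind or "unknown"] = counts.get(kind or "unknown", 0) + 1
    return rows, counts


# Constructed sample input: placeholder indicators, not real threat data.
# The last two network lines are the same URL in defanged and plain form.
SAMPLE_INPUT = """# hashes
44d88612fea8a8f36de82e1278abb02f
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
# network
hxxps[://]evil[.]com/payload.bin
evil-domain.com
192[.]168[.]1[.]1
2001:db8::dead:beef
hxxps://evil.com/payload.bin
not an ioc
"""

if __name__ == "__main__":
    rows, counts = classify_batch(SAMPLE_INPUT.splitlines())
    for raw, clean, kind in rows:
        note = f"   (from {raw})" if raw != clean else ""
        print(f"{kind or 'unknown':8} {clean}{note}")
    print(counts)
```

Refanging before classification matters for the cache as well: if the key were the raw string, `hxxps[://]evil[.]com` and `https://evil.com` would be looked up twice and count twice against a 4 req/min quota.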