Open to Opportunities · Hyderabad, India
// SOC Analyst · Incident Response

Swetha Devi Sai Priya Bonu


SOC Analyst with 1+ year of experience in threat detection, alert triage, and incident investigation across enterprise environments. Hands-on with the Microsoft Security Stack — MDE, Sentinel, Defender for O365, Entra ID, MDCA. HTB CDSA certified. MITRE ATT&CK-aligned across identity, endpoint, and email vectors.

MITRE ATT&CK · Microsoft Sentinel · MDE / Defender XDR · KQL · Incident Response · Alert Triage · Python / Bash · ★ HTB CDSA · ★ CAP
OPERATOR PROFILE v2.1
Swetha Devi S.P. Bonu
@unabletofind
Role: SOC Analyst
Focus: Incident Response
Location: Hyderabad, IN
Clearance: CDSA · CAP
Status: Available
Now
Learning malware analysis with TCM Security, building a home lab with Wazuh + Sysmon, and publishing detection rules on GitHub.
// 02 — Services

What I Do

Alert Triage & Investigation
Structured incident analysis across identity, endpoint, and email vectors. Validate alerts, extract IOCs, and build context-rich timelines.
MDE · Sentinel · MDCA
Identity & Entra Investigation
Entra ID sign-in analysis, OAuth consent abuse, conditional access reviews, and AiTM session hijack triage. Account containment via session revoke + token reset.
Entra ID · OAuth · AiTM
Incident Response
Endpoint isolation, account disable, session revocation, URL blocking, and live response. Containment-first with documented playbooks.
Live Response · Entra ID · Jira
Email Threat Analysis
Header inspection, SPF/DKIM/DMARC validation, sender reputation, URL detonation. Specialized in AiTM phishing and BEC patterns.
MDO · URL Sandbox · VT
MDCA & Cloud App Security
Microsoft Defender for Cloud Apps alert review, OAuth app risk scoring, anomaly detection, and SaaS data exfiltration investigation across Microsoft 365.
MDCA · M365 · SaaS
Cybersecurity Mentoring
Teach SOC operations, IAM fundamentals, and ethical hacking with hands-on labs. Bridge theory and real-world workflows.
SOC · IAM · Labs
// 03 — Featured Investigation

Case Study

Supply Chain · Confirmed
CPUID Breach: STX RAT Delivered via Trojanized CPU-Z & HWMonitor Downloads
Threat actors compromised CPUID's secondary download API for ~6 hours, redirecting users to Cloudflare R2-hosted trojanized installers. Multi-stage in-memory RAT with credential theft, browser harvesting, and AMSI bypass capabilities. Full attack chain analysis with MITRE ATT&CK mapping, KQL hunts, IR playbooks, and YARA signatures.
5 in-memory stages · 150+ confirmed victims · 18 MITRE techniques · 10-month campaign span
// 04 — Arsenal

Skills & Tools

Detection & Investigation
Alert Triage & Analysis: 92%
Email Header Analysis: 90%
IOC Extraction & Enrichment: 85%
Incident Response: 88%
Microsoft Security Stack
Microsoft Sentinel: 90%
Defender for Endpoint: 88%
Defender for Office 365: 86%
Entra ID / MDCA: 82%
Threat Intelligence
MITRE ATT&CK: 93%
VirusTotal / AbuseIPDB: 88%
Mandiant IOCs / OTX: 85%
Cyber Kill Chain: 88%
// Daily Toolkit
Sentinel
MDE
MDO 365
Entra ID
MDCA
MITRE
VirusTotal
AbuseIPDB
Jira
Python
Bash / PS
Forcepoint
// 06 — Now

Currently Learning

// In Progress · May 2026
Malware Analysis · TCM Security
Working through the Practical Malware Analysis & Triage course by Matt Kiely — static & dynamic analysis, unpacking, behavioral detection, and reverse engineering with x32dbg + Ghidra. Goal: triage a sample end-to-end and write the YARA rule that catches the next variant.
x32dbg · Ghidra · PE Analysis · YARA · Sandboxing
// 07 — Detections

Detection Rules

Hunting queries and detection logic I've written or adapted while triaging real alerts. Mapped to MITRE, severity-tagged, and ready to paste into your SIEM.

// 08 — Labs

CTFs & Labs

Hands-on practice across blue team and offensive labs. Each one teaches something I take back to the SOC desk.

// 09 — Timeline

Experience

Cybersecurity Analyst — AI-Augmented SOC
TriArmour AI Private Limited, Hyderabad
Nov 2024 – Present
Investigated identity, endpoint, and email security incidents using MDE, Microsoft Sentinel, Defender for Office 365, Entra ID, and MDCA. Performed structured incident analysis across anomalous sign-in activity, AiTM indicators, suspicious process execution, lateral movement, and phishing campaigns. Triaged alerts in MTO, managed incidents through USO, tracked tickets in Jira — executing endpoint isolation, account disable, session revocation, URL blocking, and live response. Validated suspicious emails via header inspection, SPF/DKIM/DMARC validation, sender reputation, and URL analysis. Correlated alerts with Mandiant IOCs, AlienVault OTX, VirusTotal, and AbuseIPDB.
500+ alerts triaged · 5+ platforms operated · 24/7 SOC coverage · MITRE-aligned investigations
Microsoft Sentinel · MDE · Defender for O365 · Entra ID · KQL · Jira · Forcepoint DLP · MITRE ATT&CK
Cybersecurity Instructor
Freelance / Academic Mentoring
2024 – Present
Taught core cybersecurity concepts to students and peers, covering SOC operations, Identity & Access Management (IAM) fundamentals with hands-on labs, Zscaler basics for cloud security, and ethical hacking foundations. Bridged the gap between theory and real-world SOC workflows, helping learners understand alert triage, access control principles, and network security posture.
SOC Operations · IAM · Zscaler · Ethical Hacking · Lab Facilitation
Cybersecurity Intern
GradeSpot IT
Sep 2023 – Mar 2024
Performed vulnerability assessments using Nessus, identifying high-risk misconfigurations. Completed hands-on training in ethical hacking and SOC operations. Contributed to security awareness training development and incident response playbook documentation.
Nessus · Ethical Hacking · Vulnerability Assessment · IR Playbooks · GoPhish
B.Tech in Cyber Security
Sri Indu College of Engineering and Technology · CGPA: 8.12
Nov 2021 – May 2025
Specialized undergraduate degree in Cyber Security covering network security, ethical hacking, cryptography, digital forensics, and SOC operations.
Cyber Security · Network Security · Digital Forensics
// 09b — Certs

Certifications

CDSA
Certified Defense Security Analyst · Hack The Box
CAP
Certified AppSec Practitioner · The SecOps Group
Jr PenTester Path
TryHackMe
// 10 — Research

Attack Deep Dives

Showing latest publications. In-depth analysis covering attack chain, methodology, detection rules, and IR playbooks.

// 11 — Contact

Connect

Let's defend together

Open to SOC analyst roles, incident response collaboration, and speaking opportunities. Reach out via email or LinkedIn — I respond within 24 hours.
