Author: Roman Mares
Company: Delta Force Security LLC — Phoenix, AZ
Education: AAS Cybersecurity + Linux Administration — Scottsdale Community College
GitHub: Romanm24 | LinkedIn: roman-mares-
Hands-on blue team documentation covering incident response procedures, SOC workflows, APT threat intelligence, and disaster recovery simulations. All content aligns with industry-standard frameworks and reflects real-world scenarios encountered in enterprise security operations.
Frameworks covered: NIST SP 800-61r2 · MITRE ATT&CK · NIST SP 800-34 · SANS IR Process · ISO 22301
| Directory | Document | Description |
|---|---|---|
| blue-team-handbook/ | IR Procedures | Full NIST 800-61r2 playbook — triage, containment, eradication, recovery |
| salt-typhoon-research/ | Salt Typhoon APT | PRC threat actor profile, TTPs, IOCs, YARA/Sigma detection rules |
| dr-failover-simulation/ | DR Simulation | Tabletop injects, AWS failover runbook, backup validation |
- Incident classification (P1–P5 severity matrix, NIST categories)
- SOC detection content (Splunk SPL searches, Zeek scripts, Suricata rules)
- Playbooks for ransomware, BEC, and insider threat
- Salt Typhoon — MITRE ATT&CK mapping, CALEA infrastructure targeting, IOCs
- DR failover — RTO/RPO objectives, AWS cutover runbook, tabletop exercise injects
- Post-incident reporting templates and metrics (MTTD, MTTR, dwell time)
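The reporting metrics listed above are only comparable across incidents if every report measures them from the same timestamps. The following is an added example (not code from this repository) showing one consistent way to compute them from an incident log. It assumes these definitions, which vary between teams: time to detect = compromise to detection (averaged into MTTD), dwell time = compromise to containment, time to respond = detection to resolution (averaged into MTTR, over closed incidents only). The `Incident` class, the `SAMPLE` incidents and the 24-hour detection SLA are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional


@dataclass
class Incident:
    """One incident as a post-incident report records it (example schema, not the repo's template)."""
    ident: str
    compromised_at: datetime                  # earliest attacker activity found during the investigation
    detected_at: datetime                     # first alert or analyst confirmation
    contained_at: datetime                    # attacker access cut off (host isolated, creds rotated, ...)
    resolved_at: Optional[datetime] = None    # None while eradication/recovery is still in progress

    def __post_init__(self) -> None:
        # Reject out-of-order timestamps: a negative interval would silently drag the means down.
        stages = [self.compromised_at, self.detected_at, self.contained_at]
        if self.resolved_at is not None:
            stages.append(self.resolved_at)
        if any(later < earlier for earlier, later in zip(stages, stages[1:])):
            raise ValueError(f"{self.ident}: timestamps are not in chronological order")


def hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600


def time_to_detect(inc: Incident) -> float:
    """Compromise -> detection, in hours (the per-incident input to MTTD)."""
    return hours(inc.detected_at - inc.compromised_at)


def dwell_time(inc: Incident) -> float:
    """Compromise -> containment, in hours: how long the attacker had usable access."""
    return hours(inc.contained_at - inc.compromised_at)


def time_to_respond(inc: Incident) -> Optional[float]:
    """Detection -> resolution, in hours (per-incident input to MTTR); None while still open."""
    if inc.resolved_at is None:
        return None
    return hours(inc.resolved_at - inc.detected_at)


def summarize(incidents: list[Incident]) -> dict:
    """Roll the per-incident intervals up into the report metrics."""
    if not incidents:
        raise ValueError("no incidents to summarize")
    closed = [i for i in incidents if i.resolved_at is not None]
    return {
        "incidents": len(incidents),
        "open": len(incidents) - len(closed),
        "mttd_hours": mean(time_to_detect(i) for i in incidents),
        "mean_dwell_hours": mean(dwell_time(i) for i in incidents),
        # MTTR is computed over closed incidents only; an open incident has no resolution time yet.
        "mttr_hours": mean(time_to_respond(i) for i in closed) if closed else None,
    }


def detection_sla_breaches(incidents: list[Incident], max_hours: float) -> list[str]:
    """Identifiers of incidents whose time to detect exceeded the detection SLA."""
    return [i.ident for i in incidents if time_to_detect(i) > max_hours]


# Constructed sample data for the example (not real incidents).
SAMPLE = [
    Incident("INC-0001", datetime(2024, 3, 1, 0, 0), datetime(2024, 3, 3, 0, 0),
             datetime(2024, 3, 3, 6, 0), datetime(2024, 3, 5, 0, 0)),
    Incident("INC-0002", datetime(2024, 3, 10, 0, 0), datetime(2024, 3, 10, 12, 0),
             datetime(2024, 3, 10, 18, 0), datetime(2024, 3, 11, 12, 0)),
    # Still open: counted for MTTD and dwell time, excluded from MTTR.
    Incident("INC-0003", datetime(2024, 3, 15, 0, 0), datetime(2024, 3, 16, 0, 0),
             datetime(2024, 3, 16, 4, 0)),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print("detection SLA (24h) breached by:", detection_sla_breaches(SAMPLE, 24))
```

Keeping the chronological check in the constructor matters more than it looks: a single report with detection logged before compromise (a common slip when the compromise date is revised after forensics) produces a negative interval that lowers MTTD for the whole reporting period without any obvious sign in the summary.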
splunk · crowdstrike · wazuh · zeek · suricata · velociraptor · thehive · misp · volatility · autopsy · aws cli · sigma · yara
Supporting research and live detection content at Delta Force SOC AI.
All scenarios are simulated in isolated lab or tabletop environments. No classified or proprietary data is included. IOCs sourced from public CISA/FBI/NSA advisories.