New Series: Kill Chain Weekly: A DFIR Casebook Series
“Two incidents a week. Realistic. Practical. Battle-tested.”
Why I decided to do this
Hello everyone. I have been learning a lot about DFIR recently, understanding incidents and recreating my own in home labs, so I thought it would be best to share what I am learning through this blog as an investigation series.
My Vision
Starting next week, I am launching a new blog series in which I break down realistic cybersecurity incidents, from phishing and credential theft to ransomware, persistence, and data exfiltration. Where no suitable public case exists, I will create my own scenarios inspired by real incidents.
The goal is to help myself and readers like you better understand how attackers operate and how defenders can respond effectively.
I will try to cover:
- What really happens during an incident?
- How I’d detect the breach (using different log sources, tools, Sigma/YARA rules, etc.)
- How I’d investigate it step-by-step
- What I’d do to contain, eradicate, and recover
- Post-incident lessons and how each case maps to MITRE ATT&CK and the NIST IR framework
As mentioned, some scenarios are crafted and some are inspired by DFIR reports or threat intel, but all will reflect real-world blue team thinking.
For now I plan to publish twice a week. Stay tuned for the first post: “Gift Card Gone Wrong — A Phishing-to-Exfiltration Chain”
Interested in collaborating?
Feel free to reach out via my contact page, schedule a meeting on Calendly/Topmate, or connect directly on LinkedIn.