زكاة العلم نشره

CYBERSECURITY · LIBRARY

Half of what we know, we learned from someone else's notes. So we started writing ours down.

IncidentLab is a public notebook of write-ups, tools, detections, DFIR notes, references, and conversations with people who taught us things. Take what's useful. Leave the rest.

▸ WATCH ON YOUTUBE @IncidentLab_sa

episodes.md

Latest episodes

All episodes on YouTube →

Threat intelligence

Modern CTI Tradecraft

Abdulrahman Al-Omari

Jul 16, 2025

Human factor

The Enemy is Our Mindset

Taha Hakeem

Sep 21, 2025

Detection engineering

The Art of Use Cases

Mohammad Al-Shawi

May 20, 2025

Defensive · SOC ops

Beyond the Blind Spots

Ibrahim Bahah

Feb 19, 2025

Offensive · Active Directory

Low Priv to Domain Admin

Mohammad Kantar

Aug 14, 2025

Offensive · Evasion

Unmasking Cobalt Strike

Mohammad Al-Zahrani

Oct 9, 2024

about_incidentlab.md

A library for practitioners, by practitioners.

IncidentLab is a cybersecurity library and a session series.

We will provide a security operations library: artifacts, references, runbooks, and write-ups that real responders reach for during an incident, alongside sessions with practitioners walking through real cases in their corner of the field.

Watch on YouTube About