Simulated credential theft by dumping LSASS using Task Manager. Detected the dump file with Sysmon logs and learned how to spot attack behavior using Event IDs 1 and 11. Built for Tier 1 SOC skill development.