Welcome to my primary project repository. This collection documents my progression from foundational SOC analysis to advanced Threat Hunting and AI-driven security automation.
Before diving into the projects, view the Client-Server Architecture used to build this cyber range. 👉 View the Full Lab Documentation
- Server: Dell OptiPlex 7440 AIO (ESXi 8.0 Type-1 Hypervisor)
- Storage: 2TB Dedicated Datastore for VMs
- Management: MacBook Pro M2 (via Static IP 10.0.0.10)
This repository is organized into three distinct evolutionary phases:
Focus: The core skills of a Tier 1/Tier 2 SOC Analyst.
- Network Traffic Analysis: Packet capture analysis using Wireshark and TCPDump (e.g., SYN Flood investigations).
- Log Analysis: Linux forensics (`auth.log`, `syslog`) and Windows Event Log review.
- Core Skills: PCAP analysis, OSI Model application, basic anomaly detection.
Focus: Proactive detection and the "Art of Investigation."
- SIEM Operations: End-to-end log ingestion and querying in Splunk.
- Threat Hunting: Hypothesis-driven hunts for C2 beacons, lateral movement, and persistence mechanisms.
- Frameworks: Mapping detections to MITRE ATT&CK TTPs.
Focus: Scaling analysis with Code and Logic.
- Data Science for Security: Using JupyterLab, Pandas, and Matplotlib to visualize large security datasets.
- Probabilistic Triage: Applying Bayesian logic to reduce alert fatigue and calculate false positive rates.
- Automation: Python scripts for log parsing and enrichment.
| Project Name | Tech Stack | Type | Status |
|---|---|---|---|
| Lab Setup & Architecture | VMware ESXi, Dell AIO | Infrastructure | ✅ Complete |
| SYN Flood Analysis | Wireshark, Python | Traffic Analysis | 🚧 In Progress |
| Splunk C2 Hunt | Splunk, Sysmon | Threat Hunting | 📝 Planned |
These projects are for educational and defensive purposes only. All attacks are simulated in a closed, isolated sandbox environment.