SOC Lab Project - AWS, Elastic, TheHive, MISP, Cortex, Shuffle

A set of Windows tools designed for SOC labs and controlled test environments providing automated TLS key logging setup for web encrypted traffic analysis and enabling or disabling of 16 Windows Defender components (9 functional protection components and 7 services/drivers) to support malware research, detection engineering, and Blue Team training.

SOC monitoring lab built using Graylog, OpenSearch, and Ubuntu. Includes log ingestion, detection engineering, alerting, and dashboards.

Security operation center lab

ICMP Protocol Analysis Lab using Wireshark – A hands-on cybersecurity lab focused on capturing and analyzing ICMP Echo Request and Reply packets, interpreting protocol fields, and applying Wireshark filters for investigation.

Wazuh SIEM Implementation for Security Monitoring

End-to-end attack detection lab using Wazuh SIEM, Sysmon, and Windows event log analysis with MITRE ATT&CK mapping.

JUMAL (Junior Malware Analyst) - AI-powered tool for malware triage

A hands-on Azure Cybersecurity lab focused on monitoring real-time RDP brute-force attacks using Windows Event Viewer and Geolocation tracking.

Conducted separate network-level and log-based attack simulations to analyze detection capabilities across different sources

Your full Guideline on how to install, deploy and use the Wazuh SIEM tool for newbies.

SIEM-based SOC lab with real investigations, telemetry, and detection use cases across Windows & Linux

Windows Firewall Rule Lab – Creating inbound rule for TCP port 420 (AllowPing)

Designed and implemented a SOC home lab using pfSense and Suricata IDS/IPS to detect, analyze, and prevent real-world cyber attacks including scanning, exploitation, and brute-force attacks

PowerShell attack simulation and SOC detection analysis using Wazuh and Sysmon (MITRE ATT&CK Mapping).

SOC Alert Triage Lab – Simulated SOC alert classification and triage using Python.

SOC Lab using Wazuh (Brute Force + FIM Detection)