Skip to content

dacyborg87/Cybersecurity-Labs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
.github/ISSUE_TEMPLATE
.github/ISSUE_TEMPLATE
 
 
playbooks
playbooks
 
 
rules
rules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
wazh-stats.png
wazh-stats.png
 
 
wazuh-alerts.png
wazuh-alerts.png
 
 

Repository files navigation

Cybersecurity Labs

A collection of my hands-on cybersecurity projects, built in my home lab to practice SOC analyst workflows, detection engineering, and incident response.

I use this repo to document my learning process, share configurations, and showcase detection techniques aligned with the MITRE ATT&CK framework.

🔹 Lab Overview

  • SIEM: Wazuh (log collection, alerting, correlation)
  • IDS: Suricata (network intrusion detection, custom rule writing)
  • Endpoints: Windows 11 VM (with Sysmon), Ubuntu/Kali Linux
  • Networking Tools: Nmap, Wireshark
  • Scripting: PowerShell, Bash

🔹 Projects

1. Home SOC Lab: Wazuh SIEM

  • Deployed Wazuh for centralized log collection.
  • Integrated Windows (Sysmon) and Linux endpoints.
  • Built detection rules mapped to MITRE ATT&CK (brute force, privilege escalation, persistence).
  • Skills: SIEM, Log Analysis, Incident Response.

2. Suricata IDS & Custom Rule Writing

  • Deployed Suricata to monitor network traffic.
  • Wrote custom rules to detect:
    • Brute force attempts
    • Port scanning
    • Suspicious PowerShell activity
  • Tuned alerts to reduce false positives.
  • Skills: IDS/IPS, Detection Engineering, Network Security.

3. Windows Event Logging with Sysmon

  • Configured Sysmon for advanced event collection.
  • Forwarded logs to Wazuh for correlation.
  • Detected simulated persistence and lateral movement.
  • Skills: Sysmon, Windows Event Logging, Threat Detection.

4. Threat Detection Playbook

  • Documented detection and response workflows for:
    • Brute force login attempts
    • Malware execution
    • Privilege escalation
  • Created repeatable incident response steps.
  • Skills: Threat Hunting, MITRE ATT&CK, Incident Response.

5. Network Scanning & Reconnaissance

  • Conducted scans with Nmap to discover open ports & services.
  • Simulated attacker reconnaissance.
  • Compared results with vulnerability scans.
  • Skills: Nmap, Recon, Vulnerability Testing.

🔹 How to Use This Repo

  • Each folder contains documentation, configs, and screenshots for a lab.
  • Files are organized so others can reproduce the labs in their own environment.
  • Example workflow:
    1. Review project README.
    2. Deploy VM(s).
    3. Import configuration files.
    4. Recreate detection & analyze alerts.

🔹 Roadmap

  • Add more MITRE ATT&CK technique coverage
  • Expand Suricata rules (HTTP, DNS, C2 detection)
  • Integrate Elastic Stack dashboards
  • Document incident response “case studies”

🔹 Author

Dominic “DJ” Jones

  • Aspiring Tier 1 SOC Analyst (San Antonio, TX)
  • Currently working toward CompTIA A+ & Security+
  • Building hands-on skills in detection engineering & incident response

🔗 Connect with me on LinkedIn
🔗 [More projects coming soon]

About

Collection of my cybersecurity homelab projects

Topics

windows linux ubuntu suricata sysmon threat-hunting siem ubuntu-server kali-linux wazuh wazuh-agent windows-11 home-lab home-lab-dashboard home-lab-detections

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors