A set of Windows tools designed for SOC labs and controlled test environments providing automated TLS key logging setup for web encrypted traffic analysis and enabling or disabling of 16 Windows Defender components (9 functional protection components and 7 services/drivers) to support malware research, detection engineering, and Blue Team training.

This project focuses on designing and deploying a Virtual Security Operations Center (SOC) lab environment using open-source security tools. The lab integrates Suricata (Intrusion Detection System) with the Elastic Stack (Elasticsearch, Kibana, and Filebeat) to detect, process, and visualize security events.