Personal SOC lab using T-Pot CE on AWS to analyze real-world attack telemetry through Honeypots, Suricata, and offline log analysis
Updated Jan 21, 2026
Pentest Lab: Recon (Nmap) + DAST (OWASP ZAP baseline/full) against OWASP Juice Shop with reproducible HTML/TXT/PNG evidence and optional SOC correlation.
Practical SOC detection engineering and incident response case studies, including SIEM/XDR detections, alert triage, and malware analysis.
Red Team / Adversary Emulation Reference — Full ATT&CK kill chain mapper & TTP flows
Governance-focused incident response framework aligned with NIST 800-61, operational resilience, executive reporting, and cyber risk management principles.
Machine learning project for classifying cybersecurity incidents (TP, BP, FP) using the GUIDE dataset. Includes data preprocessing, feature engineering, model benchmarking, and evaluation with macro-F1, precision, and recall. Supports SOC automation, threat detection, and enterprise security management.
Wireless Zero Trust Detection & Response lab using Python and Scapy, with deauth flood, unknown MAC, Evil Twin, beacon flood detection, trust scoring, JSON alerts, and CI.
Blue Team / Defensive Security Reference — Full ATT&CK-aligned lifecycle mapper, workflows, tools & TTPs
Portable SIEM detection toolkit with Sigma rules, Sysmon config, and Wazuh custom rules mapped to MITRE ATT&CK.
SOC triage tool to enrich Windows command-line logs with MITRE mapping and analyst context
Incident Response investigation of a multi-stage attack detected in Microsoft Defender for Endpoint telemetry
Multi-threaded network scanner with MITRE ATT&CK T-code mapping. Built with Python raw sockets for deep packet analysis
Detects unauthorized Modbus RTU write activity using Python telemetry and Splunk correlation mapped to MITRE ATT&CK for ICS.
SOC Alert Triage Lab – Simulated SOC alert classification and triage using Python.
Evidence-based SOC Tier 1/2 projects: log pipelines, alert triage, detection rules, threat hunting, incident tickets, and lab writeups (Wazuh, Sysmon, Zeek, Suricata, Velociraptor).
Enterprise Active Directory security lab focused on privileged access hardening, audit policy configuration, detection engineering, and incident response. Simulates unauthorized privilege escalation attacks with forensic log analysis and MITRE ATT&CK mapping.
SOC-style ransomware investigation using KQL (Azure Data Explorer)
Real-time SOC monitoring dashboard with brute-force detection, threat intelligence enrichment, MITRE ATT&CK mapping and incident response workflow.
Command-line (proctitle) classification into MITRE ATT&CK techniques using TF-IDF + Logistic Regression and an LSTM baseline, with a custom token pattern tailored for cyber artifacts (IPs, paths, flags, URLs).
Cybersecurity learning lab based on MITRE ATT&CK & SHIELD, documenting my hands-on Red and Blue Team practice and security skills development