CYBER SEC PROJECTS & JOURNALS
[PROJECT]
ACTIVE DIRECTORY HOMELAB WITH SPLUNK INTEGRATION
The Active Directory Home Lab project aimed to establish a comprehensive environment for learning Active Directory administration and cybersecurity practices. The primary focus was to set up an Active Directory environment, integrate it with Splunk for log analysis, and simulate attacks using Kali Linux and Atomic Red Team. This hands-on experience was designed to deepen understanding of IT administration, attack patterns, and defensive strategies.
Skills Learned
- Advanced understanding of Active Directory setup and administration.
- Proficiency in configuring and using Splunk for log ingestion and analysis.
- Ability to simulate and recognize cyber attack signatures and patterns.
- Enhanced knowledge of network protocols and security vulnerabilities.
- Development of critical thinking and problem-solving skills in cybersecurity.
Tools Used
- Active Directory on Windows Server 2022 for managing resources.
- Splunk for Security Information and Event Management (SIEM) to analyze logs and telemetry.
- Kali Linux for simulating cyber attacks.
- Atomic Red Team for generating realistic attack scenarios and telemetry.
[JOURNAL]
SPLUNK BOSS OF THE SOC
The Boss of the SOC (BOTS) simulation series offers hands-on security training using Splunk, designed in a jeopardy-style capture-the-flag format focused on analyzing and investigating ransomware attacks. In the scenario, we take on the role of Alice Bluebird, a SOC analyst at Wayne Enterprises, tasked with defending against cyber threats. The simulation involves real-world scenarios such as investigating website defacements and tracing attacker activities. This training enhances skills in threat detection, incident response, and using Splunk for detailed analysis and defense strategies, crucial for safeguarding organizations from cyber threats.
Skills Learned
- Gain advanced understanding of Active Directory setup and administration.
- Develop proficiency in configuring and utilizing Splunk for log ingestion and analysis.
- Acquire the ability to simulate and identify cyber attack signatures and patterns.
- Enhance knowledge of network protocols and security vulnerabilities.
- Cultivate critical thinking and problem-solving skills in cybersecurity.
Tools Used
- Active Directory: Windows Server 2022 for managing resources.
- Splunk: Security Information and Event Management (SIEM) for log and telemetry analysis.
- Kali Linux: Platform for simulating various cyber attacks.
- Atomic Red Team: Toolset for generating realistic attack scenarios and telemetry.
[PROJECT]
CYBERSEC SOC LAB WITH XDR AND SOAR CAPABILITIES
The SOC Automation Lab project aimed to establish a comprehensive environment for simulating and automating security operations. The primary focus was to integrate Wazuh as a SIEM and XDR solution, The Hive for case management, and Shuffle for SOAR capabilities. This hands-on experience was designed to deepen understanding of SOC operations, incident response, and cybersecurity.
Skills Learned
- Advanced understanding of SIEM and XDR concepts and their practical applications.
- Proficiency in configuring and managing case management systems.
- Ability to design and implement SOAR playbooks for automated incident response.
- Enhanced knowledge of security operations center (SOC) workflows and processes.
- Development of critical thinking and problem-solving skills in cybersecurity automation.
Tools Used
- Wazuh for Security Information and Event Management (SIEM) and Extended Detection and Response (XDR).
- The Hive for case management and incident tracking.
- Shuffle for Security Orchestration, Automation, and Response (SOAR) capabilities.
- Cloud platforms for deploying and managing the SOC lab environment.
[JOURNAL]
TRAFFIC-ANALYSIS:
JANUARY 2023 - UNIT 42 WIRESHARK
This guide delves into an in-depth analysis of a traffic exercise from “Malware-Traffic-Analysis.Net,” an online resource offering simulations of PCAP files and malware infections. I explored the January 2023 Unit 42 Wireshark Quiz, which focuses on a recent security incident involving the 'Agent Tesla' malware. This analysis aims to investigate the malware's infection process from the drop of a suspicious .iso file, through executing the file and initiating the payload, to generating HTTP and SMTP traffic to mask the payload and exfiltrate data back to its C2 (Command and Control) server.
Skills Learned
- Proficiency in network traffic analysis using Wireshark.
- Capability to identify and analyze malicious traffic.
- Understanding of various network protocols (HTTP, SMTP, TCP).
- Ability to extract and interpret system information from network traffic.
- Experience in investigating malware behavior and data exfiltration techniques.
Tools Used
- Wireshark: For capturing and analyzing network traffic.
[PROJECT]
AZURE SENTINEL HONEYPOT: MONITORING GLOBAL CYBER ATTACKS
This honeypot project is dedicated to creating an environment for simulating and monitoring cyber attacks worldwide. The main goal is to deploy Azure Sentinel as a cloud-based Security Information and Event Management (SIEM) system and configure a virtual machine as a honeypot. By intentionally exposing vulnerabilities, we simulate real-world cyber attacks originating from diverse global locations. This project offers practical insights into configuring Azure services, analyzing log data, and visualizing attack patterns using Azure's tools. This allows hands-on experience in cybersecurity operations and SIEM functionalities while enhancing skills in threat monitoring and defense strategies against cyber threats.
Skills Learned
- Understanding of cloud-based Security Information and Event Management (SIEM) systems, specifically Azure Sentinel.
- Proficiency in setting up and configuring virtual machines (VMs) in cloud environments.
- Ability to configure network security groups (NSGs) and manage firewall rules for VMs.
- Hands-on experience in ingesting and transforming logs using Azure Log Analytics.
- Knowledge of PowerShell scripting for log data transformation and integration with third-party APIs.
- Familiarity with visualizing attack data geographically using Azure Sentinel.
Tools Used
- Azure Sentinel: Cloud-native SIEM for log ingestion, detection, and visualization.
- Azure Virtual Machines: Used as honeypots for simulating cyber attacks.
- Azure Log Analytics: Repository for storing and analyzing log data from VMs.
- PowerShell: Scripting language used to extract and process log data for geographical visualization.
- Third-party APIs: Used to derive geolocation data from IP addresses.