https://github.com/dacyborg87/cybersecurity-labs
Collection of my cybersecurity homelab projects
Collection of my cybersecurity homelab projects
- Host: GitHub
- URL: https://github.com/dacyborg87/cybersecurity-labs
- Owner: dacyborg87
- License: mit
- Created: 2025-09-16T04:37:34.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-09-23T00:12:03.000Z (9 months ago)
- Last Synced: 2025-09-23T01:18:58.330Z (9 months ago)
- Topics: home-lab, home-lab-dashboard, home-lab-detections, kali-linux, linux, siem, suricata, sysmon, threat-hunting, ubuntu, ubuntu-server, wazuh, wazuh-agent, windows, windows-11
- Homepage:
- Size: 1.12 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
README
# Cybersecurity Labs
A collection of my hands-on cybersecurity projects, built in my home lab to practice **SOC analyst workflows, detection engineering, and incident response**.
I use this repo to document my learning process, share configurations, and showcase detection techniques aligned with the **MITRE ATT&CK framework**.
---
## Lab Overview
- **SIEM:** Wazuh (log collection, alerting, correlation)
- **IDS:** Suricata (network intrusion detection, custom rule writing)
- **Endpoints:** Windows 11 VM (with Sysmon), Ubuntu/Kali Linux
- **Networking Tools:** Nmap, Wireshark
- **Scripting:** PowerShell, Bash
---
## Projects
### 1. Home SOC Lab: Wazuh SIEM
- Deployed Wazuh for centralized log collection.
- Integrated Windows (Sysmon) and Linux endpoints.
- Built detection rules mapped to MITRE ATT&CK (brute force, privilege escalation, persistence).
- **Skills:** SIEM, Log Analysis, Incident Response.
---
### 2. Suricata IDS & Custom Rule Writing
- Deployed Suricata to monitor network traffic.
- Wrote custom rules to detect:
  - Brute force attempts
  - Port scanning
  - Suspicious PowerShell activity
- Tuned alerts to reduce false positives.
- **Skills:** IDS/IPS, Detection Engineering, Network Security.
---
### 3. Windows Event Logging with Sysmon
- Configured Sysmon for advanced event collection.
- Forwarded logs to Wazuh for correlation.
- Detected simulated persistence and lateral movement.
- **Skills:** Sysmon, Windows Event Logging, Threat Detection.
---
### 4. Threat Detection Playbook
- Documented detection and response workflows for:
  - Brute force login attempts
  - Malware execution
  - Privilege escalation
- Created repeatable incident response steps.
- **Skills:** Threat Hunting, MITRE ATT&CK, Incident Response.
---
### 5. Network Scanning & Reconnaissance
- Conducted scans with Nmap to discover open ports & services.
- Simulated attacker reconnaissance.
- Compared results with vulnerability scans.
- **Skills:** Nmap, Recon, Vulnerability Testing.
---
## How to Use This Repo
- Each folder contains documentation, configs, and screenshots for a lab.
- Files are organized so others can reproduce the labs in their own environment.
- Example workflow:
  1. Review the project README.
  2. Deploy the VM(s).
  3. Import the configuration files.
  4. Recreate the detection and analyze the resulting alerts.
---
## Roadmap
- Add more MITRE ATT&CK technique coverage
- Expand Suricata rules (HTTP, DNS, C2 detection)
- Integrate Elastic Stack dashboards
- Document incident response "case studies"
---
## Author
**Dominic "DJ" Jones**
- Aspiring Tier 1 SOC Analyst (San Antonio, TX)
- Currently working toward **CompTIA A+ & Security+**
- Building hands-on skills in detection engineering & incident response
[Connect with me on LinkedIn](https://linkedin.com/in/)
More projects coming soon.