Cybersecurity Projects

Detailed breakdowns of real labs, investigations, and tools built to develop and demonstrate SOC readiness.

SOC Home Lab Setup

Microsoft Sentinel, Splunk, SIEM, Log Analysis, Azure
Active

Problem Statement

To gain practical SOC experience without enterprise access, I built a realistic home lab environment that simulates real-world security monitoring workflows.

Approach

  1. Set up a free-tier Azure environment and deployed Microsoft Sentinel as the SIEM.
  2. Configured log ingestion from Windows VMs, Linux machines, and simulated network devices.
  3. Created custom analytics rules to detect brute force, privilege escalation, and lateral movement.
  4. Built workbooks and dashboards to visualize security events in real time.
  5. Explored Splunk basics for log searching and alert creation.

Tools Used

Microsoft Sentinel, Azure Log Analytics, Splunk Free, Windows Server VM, Ubuntu VM, KQL

Screenshot: Sentinel Dashboard (placeholder, no image present)

View on GitHub

Phishing Email Analysis

Email Headers, IOC Extraction, OSINT, Threat Intel
Completed

Problem Statement

Phishing remains the #1 attack vector. I developed the ability to analyze suspicious emails, extract IOCs, and document findings in a structured format.

Approach

  1. Collected real-world phishing email samples from public repositories.
  2. Analyzed email headers to trace origin, relay servers, and spoofed domains.
  3. Extracted URLs, attachments, and embedded scripts for further analysis.
  4. Cross-referenced IOCs with VirusTotal, AbuseIPDB, and URLScan.io.
  5. Documented findings in a structured incident report format.

Tools Used

MXToolbox, VirusTotal, AbuseIPDB, URLScan.io, Email Header Analyzer

Screenshot: IOC Report (placeholder, no image present)

View on GitHub

Malware Behavior Study

Sandbox, Static Analysis, Dynamic Analysis, Wireshark
Completed

Problem Statement

Understanding how malware behaves is critical for SOC analysts. I conducted controlled malware analysis to identify malicious behavior patterns and document them for incident response.

Approach

  1. Set up an isolated sandbox environment using FlareVM and REMnux.
  2. Performed static analysis: file hashing, string extraction, PE header inspection.
  3. Ran dynamic analysis: monitored registry changes, file system activity, and network calls.
  4. Captured network traffic with Wireshark to identify C2 communication patterns.
  5. Wrote a full malware analysis report with IOCs and MITRE ATT&CK mapping.

Tools Used

FlareVM, REMnux, PEStudio, Process Monitor, Wireshark, MITRE ATT&CK

Screenshot: Process Monitor (placeholder, no image present)

View on GitHub

Log Analysis Dashboard

ELK Stack, Python, Kibana, Dashboards
Active

Problem Statement

Raw log data is difficult to interpret at scale. I built a custom dashboard to visualize security events, detect anomalies, and generate actionable insights.

Approach

  1. Deployed the ELK Stack (Elasticsearch, Logstash, Kibana) locally.
  2. Ingested sample Windows Event Logs and Apache access logs.
  3. Used Python scripts to parse and normalize log formats before ingestion.
  4. Built Kibana dashboards showing failed logins, geographic access patterns, and error rates.
  5. Set up threshold-based alerts for suspicious activity.
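As an added illustration of steps 3 to 5 (not code from the project's repository), the script below normalizes Apache access-log lines and Windows Security events into one shared schema, counts failed logins per source IP, and applies a threshold alert. The log lines and event dicts are constructed samples, and the schema field names are my own assumptions rather than the project's.

```python
import re
from collections import Counter

# Constructed sample input (not real captures): Apache common-log lines and
# Windows Security events already exported as dicts (4625 = failed logon).
APACHE_LINES = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /login HTTP/1.1" 401 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 401 512',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 2048',
]
WINDOWS_EVENTS = [
    {"EventID": 4625, "IpAddress": "203.0.113.7", "TargetUserName": "alice"},
    {"EventID": 4624, "IpAddress": "198.51.100.4", "TargetUserName": "bob"},
]

# Apache common log format: ip ident user [timestamp] "method path proto" status bytes
APACHE_RE = re.compile(
    r'^(?P<src_ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

def normalize_apache(line):
    """Map one Apache log line to the shared schema; None for malformed lines."""
    m = APACHE_RE.match(line)
    if not m:
        return None  # skip rather than crash the ingestion pipeline
    status = int(m.group("status"))
    return {"source": "apache", "src_ip": m.group("src_ip"),
            "outcome": "failure" if status in (401, 403) else "success",
            "action": f'{m.group("method")} {m.group("path")}', "status": status}

def normalize_windows(event):
    """Map a Windows Security event to the same schema (assumed field names)."""
    return {"source": "windows", "src_ip": event.get("IpAddress", "-"),
            "outcome": "failure" if event["EventID"] == 4625 else "success",
            "action": f'logon:{event.get("TargetUserName", "?")}',
            "status": event["EventID"]}

def build_records():
    """Normalize both sources into one list ready for ingestion."""
    recs = [normalize_apache(l) for l in APACHE_LINES]
    recs += [normalize_windows(e) for e in WINDOWS_EVENTS]
    return [r for r in recs if r is not None]

def failed_logins_by_ip(records):
    """Per-source-IP failed-login counts, the series the dashboard panel plots."""
    return Counter(r["src_ip"] for r in records if r["outcome"] == "failure")

def threshold_alerts(records, threshold=3):
    """IPs whose failed-login count reaches the threshold (the step-5 alert)."""
    return sorted(ip for ip, n in failed_logins_by_ip(records).items() if n >= threshold)
```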

Tools Used

Elasticsearch, Logstash, Kibana, Python 3, Windows Event Logs

Screenshot: Kibana Dashboard (placeholder, no image present)

View on GitHub