Overview
This site documents a personal security lab and hands-on cybersecurity projects. The goal is to build, test, and document practical security implementations in a structured and reproducible way — with an emphasis on real deployment work, validation, troubleshooting, and security-relevant outcomes. The focus is not on theoretical coverage, but on implementation, testing, and evidence collection that reflects Blue Team and Security Analyst work.

This is a public portfolio repository. Sensitive information such as credentials, API keys, personal data, and environment-specific identifiers is removed, generalized, or sanitized before publication.
What this documentation covers
SIEM Deployment
End-to-end Wazuh deployment on a dedicated Ubuntu VM, including indexer, server, and dashboard components.
Endpoint Telemetry
Sysmon for Windows and Linux, centralized agent configuration, and Active Directory audit policy hardening.
Detection Engineering
Custom Wazuh rules for SharpHound AD reconnaissance and PowerShell abuse, mapped to MITRE ATT&CK techniques.
Integrations
VirusTotal integration with active response for automated malware remediation on Windows and Linux endpoints.
Container Security
Docker event monitoring via Wazuh and CIS Docker Benchmark assessment with SCA policy enforcement.
Security Dashboards
Custom dashboards for Active Directory activity, VirusTotal submissions, and anomaly detection across all endpoints.
Lab environment
The lab is built as a small but practical environment for security testing and documentation. It includes:

- Virtualized infrastructure — Proxmox hypervisor hosting isolated lab VMs
- Network segmentation — VLANs with firewall policy enforcement between segments
- Centralized SIEM — Wazuh all-in-one on a dedicated Ubuntu VM (VLAN 10)
- Windows systems — Domain Controller (Windows Server 2025) and lab client (Windows 11 Enterprise)
- Linux systems — Ubuntu Server for additional monitoring and telemetry coverage
| Hostname | OS | Role | VLAN |
|---|---|---|---|
| home-lab-wazuh-01 | Ubuntu Server 22.04 | SIEM Server | VLAN 10 (Lab-Security) |
| home-lab-dc-01 | Windows Server 2025 | Domain Controller | VLAN 10 (Lab-Security) |
| home-lab-client-01 | Windows 11 Enterprise | Lab Client | VLAN 10 (Lab-Security) |
| home-lab-ubuntu-01 | Ubuntu Server 22.04 | Lab Server | VLAN 10 (Lab-Security) |
| home-home-paw-01 | Windows 11 | Personal Workstation | VLAN 2 (Home) |
| home-home-adguard-01 | DietPi (Debian) | Docker Host / DNS / VPN | VLAN 2 (Home) |
Current project
Wazuh Lab
Deployment and documentation of a dedicated Wazuh SIEM environment covering log collection, alerting, detection engineering, integrations, and custom dashboards.