SOC & Pentesting Portfolio

This portfolio contains a complete SOC L2 investigation lab along with an extensive collection of hands‑on penetration testing writeups. It demonstrates both defensive and offensive security skills through real attack simulations, log analysis, SIEM investigation, exploitation workflows, and privilege escalation techniques.

SOC Investigation Cases

These cases simulate realistic attacker activity across Windows and Linux systems, with full SIEM visibility, timeline reconstruction, and incident documentation.

• 0. Lab Setup – Virtual machines, network layout, Wazuh SIEM, DFIR‑IRIS, Sysmon, auditd, and service configuration.
• 1. Case 1 – Web Server Intrusion Attempt (Linux / Grav CMS)
• 2. Case 2 – Windows Host Compromise Attempt
• 3. Case 3 – Multi‑Stage Intrusion Simulation (Phishing → Execution → C2 → Exfiltration)

Each case includes evidence, SIEM queries, log artifacts, MITRE ATT&CK mapping, and conclusions based on the observed activity.

Hands‑On Penetration Testing Labs

This portfolio also includes more than 40 practical exploitation writeups across multiple platforms. These labs reinforce offensive security fundamentals such as enumeration, exploitation, privilege escalation, and post‑exploitation analysis.

• HackTheBox Machines – real‑world Linux and Windows challenges involving web exploitation, misconfigurations, privilege escalation, and service abuse.
• Vulnhub Machines – locally hosted vulnerable VMs focused on enumeration fundamentals, web vulnerabilities, and Linux privilege escalation.
• OffSec Proving Grounds – short, targeted exploitation exercises aligned with OSCP‑style workflows.

Each writeup follows a structured methodology: reconnaissance, service enumeration, vulnerability analysis, exploitation, privilege escalation, and key takeaways.

Skills Demonstrated

Defensive / SOC

• Log analysis (Windows Event Logs, Sysmon, Nginx access/error logs)
• SIEM investigation and alert correlation (Wazuh)
• Threat detection and pattern recognition
• Incident documentation and timeline reconstruction (DFIR‑IRIS)
• MITRE ATT&CK technique identification and mapping
• Threat hunting queries and filtering
• Analysis of attacker behavior and TTPs

Offensive / Pentesting

• Enumeration (web, network, service)
• Web exploitation (SQLi, LFI/RFI, file upload, CMS vulnerabilities)
• Linux & Windows privilege escalation
• Password cracking and credential harvesting
• Reverse shells, tunneling, and port forwarding
• Simple exploit development and PoC adaptation

Tools & Technologies

• Wazuh SIEM
• DFIR‑IRIS
• Kali Linux
• Windows 10
• Ubuntu Server (Grav CMS + Nginx)
• Sysmon
• auditd
• Metasploit
• Burp Suite
• Hydra / Hashcat
• MITRE ATT&CK Framework