🔐 Hands-on SOC lab - 12 tools (OpenSearch, Suricata, Zeek, MISP, Caldera, Velociraptor + AI agents) via Docker Compose. MITRE ATT&CK v14. Free
-
Updated
Jul 3, 2026 - HTML
🔐 Hands-on SOC lab - 12 tools (OpenSearch, Suricata, Zeek, MISP, Caldera, Velociraptor + AI agents) via Docker Compose. MITRE ATT&CK v14. Free
A set of Windows tools designed for SOC labs and controlled test environments providing automated TLS key logging setup for web encrypted traffic analysis and enabling or disabling of 16 Windows Defender components (9 functional protection components and 7 services/drivers) to support malware research, detection engineering, and Blue Team training.
Enterprise Security Operations Lab featuring Active Directory, Windows Security Monitoring, Windows Event Forwarding (WEF), Microsoft Defender, Splunk SIEM, Threat Detection, Alerting, and SOC Use Cases.
SOC monitoring lab built using Graylog, OpenSearch, and Ubuntu. Includes log ingestion, detection engineering, alerting, and dashboards.
Professional High-Concurrency Port Scanner & Vulnerability Auditor | Engineered for SOC & Wazuh SIEM Integration.
ICMP Protocol Analysis Lab using Wireshark – A hands-on cybersecurity lab focused on capturing and analyzing ICMP Echo Request and Reply packets, interpreting protocol fields, and applying Wireshark filters for investigation.
Building a hands-on Home AD Lab and experimenting with SOC monitoring.
SOC Security Monitoring Lab using Splunk Enterprise, Sysmon, Windows Event Logs, Custom dashboards, SPL detections, and alerts.
Ubuntu 22.04 server hardening with CIS Benchmark Level 2, auditd, UFW, fail2ban, and SSH key authentication
JUMAL (Junior Malware Analyst) - AI-powered tool for malware triage
A lightweight Home SOC Lab optimized for low-resource devices. Featuring Suricata IDS/IPS, Filebeat on Parrot OS (VM), and Elastic Stack on Docker/WSL2.
Attack simulations with full SIEM analysis, Wireshark packet captures, and structured investigation reports - Nmap recon, RDP brute force, and more.
Your full Guideline on how to install, deploy and use the Wazuh SIEM tool for newbies.
A hands-on Azure Cybersecurity lab focused on monitoring real-time RDP brute-force attacks using Windows Event Viewer and Geolocation tracking.
SOC analyst home lab — Splunk SIEM, Kali Linux, Ubuntu on Mac M1
Add a description, image, and links to the soc-lab topic page so that developers can more easily learn about it.
To associate your repository with the soc-lab topic, visit your repo's landing page and select "manage topics."