Lab Environment

Labs built like operational evidence.

A focused view of hands-on technical projects — from scenario setup to analysis, decisions, documentation, and measurable outcomes.

03Featured technical labs
80+Failed logons detected
04Response workflow phases
02Professional certifications

Featured Labs

Hands-on work with clear outcomes.

Filter the lab board by discipline and open the work that has the strongest evidence trail.

Detection Engineering

Published

SOC Automation with Splunk

Brute-force detection workflow using Windows authentication events, SPL alert logic, triage decisions, and repeatable analyst response notes.

ScenarioSimulated brute-force attack targeting Windows accounts
ToolsSplunk, Windows Security Logs (Event ID 4625), SPL
Outcome80+ failed logons detected; triage workflow documented for reuse
Splunk SPL Windows Logs Detection

Incident Response

Staged

Phishing-to-Malware Incident Response Lab

Phishing-to-malware scenario with host investigation, process review, log evidence, containment notes, and structured incident documentation.

ScenarioPhishing email delivers malware; analyst investigates host indicators
ToolsSysinternals, Windows Event Logs, containment playbook
OutcomeStructured IR documentation and containment decision record
IR Sysinternals Event Logs Containment

Identity Security

Staged

Identity & Access Management Security Lab

Operational access-control scenarios covering MFA, least privilege, recovery controls, account lifecycle decisions, and escalation-resistant support workflows.

ScenarioAccount lifecycle, MFA enforcement, and least-privilege policy review
ToolsActive Directory, MFA policies, PAM workflows
OutcomeAccess governance documentation and escalation-resistant support flows
IAM MFA Active Directory Least Privilege

Analyst Briefing

How each case is evaluated.

Case Standard

From signal to response

Each project is framed around a practical security question: what happened, what evidence proves it, how should an analyst respond, and how can the workflow become repeatable?

  • Scenario Threat model and assumptions
  • Detection Query logic and thresholds
  • Triage Evidence and decision points
  • Response Actions, notes, and outcome
Phase 01

Build a controlled scenario with enough realism to produce meaningful telemetry.

Phase 02

Write detection logic, validate the signal, and document false-positive boundaries.

Phase 03

Translate raw events into analyst-ready findings with clear severity and scope.

Phase 04

Package the response workflow so the same pattern can be repeated and improved.