Cybersecurity Student & Blue Team Enthusiast
Ankara, Turkey | Ostim Technical University
Focused on SOC operations, detection engineering, and DFIR. This repository serves as a central hub for my projects and technical writeups.
## 🛡️ Wazuh SOC Homelab
**Hybrid SIEM/EDR Deployment.** Connects a local Wazuh Manager (on Proxmox) to a remote VPS over Tailscale, with CIS hardening and Telegram alerting.
- Goal: Monitor remote cloud assets securely from a local environment.
- Tech: Wazuh, Tailscale, Ubuntu, UFW, Fail2ban.
- Status: ✅ Complete (defended against a real brute-force attack)
## 🔬 EDR Detection Lab
**Endpoint Detection & Response Pipeline.** Building a complete detection lab from scratch using Splunk, Sysmon, and Atomic Red Team.
- Goal: Simulate attacks and write custom SPL detection rules.
- Tech: Windows 10, Sysmon, Splunk Enterprise, Kali Linux.
- Status: 🚧 In progress (telemetry setup complete)
## SOC Home Lab
**Enterprise-Simulated Network Environment.** My personal playground for network security monitoring.
- Architecture: Segmented VLANs (User/Server), pfSense Firewall.
- Monitoring: Zeek, Suricata, and Splunk ingestion.
- Infrastructure: Proxmox hypervisor.
## Security Writeups
**CTF Solutions & Forensic Investigations.** Detailed walkthroughs of HackTheBox machines and Sherlocks (blue team challenges).
- Latest: PhishNet (HTB Sherlock): Email Forensics & Malware Analysis.
- Focus: Documenting the process and methodology, not just the flags.
| Domain | Tools & Technologies |
|---|---|
| SIEM & Logging | Splunk (SPL), Sysmon, Windows Event Logs |
| Network Security | Wireshark, Zeek, Suricata, pfSense |
| Endpoint Security | EDR Concepts, Registry Analysis, File Forensics |
| Virtualization | Proxmox VE, VMware, Docker |
| Scripting | Python, Bash, PowerShell |
- Certification: Preparing for CompTIA Security+
- Project: Enhancing DFIR capabilities with Velociraptor integration
- Focus: Developing custom detection rules for LSASS credential dumping (T1003.001)