Reverse Shell Detection Lab
Staged Meterpreter reverse shell via msfvenom, payload delivery over HTTP. Detection via Sysmon EID 1/3, Wazuh SIEM (Rule 92031, T1087) and Suricata IDS network-layer alerts. MITRE ATT&CK T1059.003, T1105, T1571.
Fileless Malware Lab
PowerShell IEX DownloadString with psh-reflection payload — no file written to disk. Process migration into system process. Detection via Sysmon command-line capture. MITRE ATT&CK T1059.001, T1055, T1564.003.
Mirai Botnet Analysis Lab
Static analysis of a real Mirai botnet ELF sample targeting PowerPC IoT devices. C2 server extraction, CVE-2017-17215 exploit identification, custom YARA rule creation and automated VirusTotal API hash lookup.
Wazuh + Sysmon Detection Lab
Windows 11 Sysmon telemetry integration with Wazuh, custom detection rules, alert triage workflow and log correlation.
Brute-Force Detection Lab
Windows Security log analysis and brute-force detection using Wazuh SIEM. Correlation of multiple failed login attempts into high-severity alerts and investigation using JSON event data.
Ransomware Behavior Analysis Lab
Custom PowerShell ransomware simulator — mass file encryption, ransom note drop, shadow copy deletion. Detection via Wazuh FIM Rule 550 (realtime), Sysmon EID 1. MITRE ATT&CK T1486, T1490, T1565.001.
Suricata IDS + PCAP Triage
Custom Suricata rules, EVE JSON analysis, suspicious traffic investigation and packet-level triage using Wireshark.
Phishing Analysis Sandbox
Isolated VM detonation, URL and JavaScript inspection, IOC extraction, network traffic monitoring and structured incident reporting.
Network Monitoring Lab
Pi-hole DNS analysis, Suricata IDS, traffic inspection and alert tuning.