Practical AWS Cloud Security Posture Assessment Using Steampipe + Powerpipe
Assessing Cloud Security Using SQL Queries and Live Dashboards
Build and defend like real Security Engineers — from beginner SOC labs to advanced blue-team projects.
This project will help you set up a local, agentless AWS security lab using SQL queries and interactive dashboards. You'll be able to query your AWS infrastructure using SQL and visualize security insights through a web-based dashboard—all running on your own machine.
You’ll learn Osquery fundamentals and understand how security teams use Osquery for endpoint visibility, investigation, and threat hunting.
Learn how network protocols actually behave on the wire by analyzing ARP, ICMP, TCP, UDP, DNS, HTTP, and TLS traffic using Wireshark—building the protocol understanding required before security investigations.
Learn how SOC and IT teams automate security workflows in real-world environments by understanding n8n fundamentals, triggers, webhooks, data handling, decision logic, alert enrichment, and notification workflows.
Learn how SOC analysts analyze logs in real-world environments by understanding log types, structures, searching techniques, pattern detection, and hands-on analysis using Splunk, Wazuh, and ELK Stack.
Master the essential packet analysis skills required for SOC Analysts, Network Engineers, and Security Professionals using real-world traffic captures and hands-on labs.
Identify real-world AWS attack surfaces through visual security posture analysis.
Build a safe cloud security lab to audit AWS misconfigurations using Scout Suite.
CIS-based AWS security audit identifying real misconfigurations and remediation guidance.
Learn how Threat Intelligence (TI) is used in real SOC environments to enrich alerts, identify attacker infrastructure, map threats to MITRE ATT&CK, and improve detection and response using open-source and community-driven intelligence platforms.
Learn how SOAR platforms automate SOC operations by orchestrating tools, enriching alerts, and executing response actions—through hands-on walkthroughs of n8n, Shuffle, and Tines.
Learn how SIEM platforms work in real SOC environments by understanding log ingestion, normalization, searching, correlation, and alerting—followed by hands-on walkthroughs of Splunk, Wazuh SIEM, and ELK Stack.
Learn how EDR works in real SOC environments by understanding endpoint telemetry, detection logic, and response workflows—followed by hands-on walkthroughs of popular open-source EDR tools.
Develop real-world SOC Analyst Level-1 skills by learning how to triage security alerts, validate threats using context, collect evidence, classify severity, and write professional incident reports used in enterprise SOC environments.
Understand how a real-world Security Operations Center (SOC) operates by learning its purpose, people, tools, processes, data flow, alerts, and business impact through structured, concept-driven tasks.
Build a strong foundation in cybersecurity by understanding threats, attacks, defenses, identity protection, and cryptography through practical, beginner-friendly exercises.
Build strong networking foundations by understanding how data moves across networks, how devices communicate, and how enterprises design, monitor, and secure networks.
Master the core concepts of Windows Active Directory (AD) by building, managing, and analyzing a real AD environment the way it’s used in enterprise networks.
Master the core Windows skills required for SOC Analysts, Security Engineers, IT Administrators, and Cloud Professionals through fully hands-on, task-based labs.
Build a near real-time event-driven pipeline to stream GuardDuty security findings through EventBridge, SNS, and SQS into Splunk for immediate threat detection and incident response.
Build a secure pipeline to export GuardDuty security findings to an encrypted S3 bucket and automatically ingest them into Splunk for centralized threat monitoring and analysis.
Investigate network traffic on a target Ubuntu machine using Suricata (IDS) and ELK SIEM with Fleet (Elastic Agent), visualize suspicious network traffic patterns, and create alerts for abnormal or potentially malicious activities such as intrusion attempts, DDoS attacks, or malware communication.
Investigate file integrity and detect unauthorized changes on a target Ubuntu machine using Auditd and ELK SIEM with Fleet (Elastic Agent). This guide will walk you through setting up Auditd to monitor file integrity, sending logs to Elasticsearch via Fleet, visualizing file changes in Kibana, and setting up alerts for suspicious activities like unauthorized file modifications.
Detect and investigate suspicious system changes (such as potential rootkits or malware) on a target Ubuntu machine using ELK SIEM with Fleet (Elastic Agent), Sysmon for Linux, and the Sysmon for Linux Connector, visualize these changes in real-time, and create alerts for abnormal system behaviors.
Investigate unauthorized SSH access attempts on a target Linux machine using ELK SIEM
Use Sysmon for Linux to monitor and detect unauthorized user account activities, such as privilege escalations, account creations, deletions, or suspicious commands. Leverage Sysmon’s detailed logging capabilities to track and analyze user activity efficiently.
Set up a network monitoring system to detect abnormal traffic patterns, including data exfiltration and command-and-control (C2) communication, by leveraging Suricata with Emerging Threats (ET) rules and analyzing logs using Splunk.
Monitor and detect unauthorized modifications, deletions, or attribute changes in sensitive directories, such as /etc/, using Auditd for real-time monitoring and Splunk for centralized log analysis.
Detect and investigate suspicious processes running on an Ubuntu server using practical tools like Sysmon for Linux and Splunk. Simulate an attack by running a reverse shell.
Real-Time Detection and Automated Response Workflow for Unauthorized Access Attempts on Linux Using Fail2Ban
Building a Secure & Serverless CloudWatch-to-Splunk Pipeline Using AWS Native Services
Master the core Linux skills required for SOC Analysts, Security Engineers, and Cloud Professionals through fully hands-on labs.
Build a reliable CloudTrail ingestion pipeline for Splunk with AWS services like S3, SNS and SQS. Understand each component and how Splunk processes logs end-to-end.
Build a centralized security monitoring environment by sending pfSense firewall logs to Wazuh for real-time threat detection and analysis. In this hands-on project, you will configure pfSense to forward logs to a Wazuh Manager, where they will be parsed, indexed, and visualized through the Wazuh Dashboard.
Build a complete centralized security log management system by ingesting Check Point Firewall logs into Graylog using Syslog and Docker. Learn how to collect, store, parse, and analyze enterprise-grade firewall telemetry inside Graylog for threat detection and monitoring.
Build a complete centralized log management system using Graylog on Docker to collect, store, and analyze logs from an Ubuntu syslog client.
Monitor and Analyze Cloudflare Web Traffic, WAF Actions, and Server Performance in Real-Time
Building a Real-Time Detection and Automated Response Workflow for SSH Brute-Force Attacks in Splunk SIEM
Detect unauthorized or suspicious file modifications in critical directories using Wazuh’s FIM (File Integrity Monitoring) module and automatically isolate or remediate affected endpoints through Active Response.
Monitor, analyze, and respond to Docker container events using Wazuh SIEM for real-time security visibility.
Building a Real-Time Web Activity Monitoring Dashboard
Building a Real-Time SSH Authentication Monitoring Dashboard
An End-to-End Solution for Third-Party Vendor Risk Assessment (VRA) that Drastically Reduces Vetting Time to Minutes by Automating Domain Reputation Checks, Real-Time Security Incident Monitoring, and Deep Risk Synthesis using Generative AI (DeepSeek) and the n8n Workflow Platform.
Build a SOAR-enabled SIEM lab with Splunk Phantom, Splunk Enterprise, Wazuh sensors/agents, DMZ hosts, integrations (VirusTotal, Slack, ServiceNow, Outlook) and AWS GuardDuty alerting into Phantom.
Build an Open-Source SOAR Lab integrating Shuffle with Wazuh, Suricata IDS, Splunk Enterprise, and AWS GuardDuty, including integrations with VirusTotal, Slack, ServiceNow, Outlook, and OTX for automated detection, enrichment, and response.
Build and Configure a Complete Threat-Detection Environment using Splunk, Suricata IDS, and Attacker Simulations
Build and Configure an End-to-End SIEM Stack using Elastic, Suricata, and Fleet
Build and Configure a Complete Security Information and Event Management (SIEM) System with Wazuh
Real-time detection of failed logins, query errors, and slow queries in MySQL
Search, collect, and analyze .onion URLs on a Linux server for threat intelligence
Understanding Endpoint Security, Threat Detection, Vulnerability Management, and Automated Response in Enterprise Environments
Understanding Volatile Data, RAM Analysis, and Forensic Tools
Real-time detection of HTTP errors, brute-force and suspicious requests from Apache logs
Integrating and Monitoring Suricata Network Events (eve.json, DNS, TLS, SSH) Using Wazuh SIEM
Learn how to gather essential system, user, and network information from Windows using PowerShell for DFIR readiness.
Real-Time Windows Event and Sysmon Log Analysis Using Wazuh SIEM
Explore how Dark Web search engines and marketplaces surface hidden content, learn safe OSINT
Understand Internet Layers, Anonymous Communication, and Dark Web Monitoring Basics
Deploy, Configure, and Hunt Threats with Velociraptor Forensics Platform
A Practical Guide to Vulnerability Management, Scanning, and Remediation with Qualys VM
Build an automated workflow to audit Palo Alto firewall rules, enrich them with real-time usage data, and generate insightful security reports using n8n and AI.
A guide to integrating Splunk with n8n for alert enrichment.
Automated Malicious URL Detection and Response with Suricata, Splunk, and n8n.
Set Up and Run Your Own Local n8n Instance for Workflow Automation.
Automate IP Address Threat Intelligence and Incident Response using Splunk and n8n.
Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.
Automated DNS threat detection and enrichment workflow integrated with VirusTotal, Wazuh, and n8n.
Enrich Wazuh file-integrity alerts with VirusTotal file-hash lookups, generate a human-friendly report, and escalate suspicious files to ServiceNow + Slack.
Enrich Wazuh alerts with IP reputation (VirusTotal + AlienVault) and route suspicious IPs to ServiceNow / Slack / Email via n8n.
Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM
Practical triage of Linux file systems for anomalies, metadata, and hidden files
End-to-end detection of scans, brute-force, and noisy DNS from endpoint/network logs
Using Suricata IDS alerts inside Wazuh to detect malicious traffic
Detecting Unauthorized File Changes with Wazuh SIEM
Collecting and Forwarding Logs from Windows to Splunk Indexer
Collecting and Forwarding Logs from Ubuntu to Splunk Indexer
Threat Detection and Analysis with Amazon GuardDuty Logs
Detecting WAF Blocks, Brute Force, SQLi, XSS, LFI, and Recon from Cloudflare HTTP Logs (JSON/JSONL)
Analyse DNS query logs in Splunk to detect anomalies, query patterns, and suspicious activity.
A Hands-On Lab to Detect Client Errors, Suspicious User Agents, and Malicious URIs Using Splunk SIEM
A Hands-On Lab to Detect Brute Force Attacks, Failed Logins, and Suspicious SSH Activity Using Splunk SIEM
Deploy and configure Wazuh SIEM on Ubuntu to monitor, detect, and respond to security events in real-time.
Set up Splunk Enterprise on Ubuntu to start collecting, indexing, and analyzing machine data in minutes
Build, Configure, and Master Intrusion Detection with Suricata in Your Own Lab
Build, Configure, and Master Intrusion Detection with Snort in Your Own Lab