Security Lab

Real-world security projects, detection engineering, and threat hunting tools developed throughout my cybersecurity journey

100+ Detection Rules
50+ Automation Scripts
200+ MITRE Techniques
15+ Projects

MITRE ATT&CK Coverage

Detection coverage mapped to the MITRE ATT&CK framework, giving visibility across each stage of the attack lifecycle

PowerShell (T1059.001, Execution)

Detection Strategy: Monitor for encoded commands, suspicious parameters, and download cradles

Data Source: Process Creation, Command Line

Remote Desktop Protocol (T1021.001, Lateral Movement)

Detection Strategy: Track RDP connections from unusual sources and multiple failed attempts

Data Source: Network Traffic, Authentication Logs

Valid Accounts (T1078, Privilege Escalation)

Detection Strategy: Monitor for unusual privilege assignments and service account usage

Data Source: Authentication Logs, Process Creation

Data Staged (T1074, Collection)

Detection Strategy: Large file creation in unusual locations and compression activity

Data Source: File Creation, Process Monitoring

Registry Run Keys (T1547.001, Persistence)

Detection Strategy: Monitor registry modifications to auto-start locations

Data Source: Windows Registry, Process Creation

Comprehensive Detection Coverage

200+ Techniques Covered
14 Tactics Monitored
95% Framework Coverage
24/7 Active Monitoring