This repository documents a multi-VM threat hunting lab designed to simulate an enterprise environment. The project takes the perspective of a cybersecurity analyst whose goal is to identify weaknesses, track Indicators of Compromise (IoCs), and strengthen defenses across a simulated internal network.
- Gain hands-on experience with threat hunting techniques.
- Identify and analyze IoCs across multiple scenarios.
- Understand and investigate abnormal network activity.
- Develop practical skills in detecting and mitigating vulnerabilities.
- Threat Hunting: Network Events
- Threat Hunting: New IoC
- Analyzing Logs and System Information
- Investigating DNS Activity
- Firewall Logging – Analyze logs to detect questionable network traffic.
- Netstat Analysis – Use `netstat` to uncover IoCs tied to traffic abuse against a secure website.
- Targeted Threat Hunting – Conduct scenario-based hunts to trace and analyze suspicious behavior.
- DNS Investigation – Investigate unusual DNS activity to identify additional IoCs.
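The netstat task above is the kind of hunt that benefits from a small parser rather than eyeballing the connection table. The script below is an added example and is not code from the lab repository: it parses Windows-style `netstat -an` output, counts connections from each remote peer to the local HTTPS listener, and flags peers at or above a threshold. The sample output and the threshold of 5 are constructed for the demonstration; in the lab the input would come from running `netstat -an` on the host serving the secure website (DC10).

```python
"""Flag remote hosts holding an abnormal number of connections to a local
HTTPS listener, based on `netstat -an` output. Added example; sample data
below is constructed, not captured from the lab."""
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not real capture data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    10.0.0.10:443          10.0.0.25:51022        ESTABLISHED
  TCP    10.0.0.10:443          10.0.0.25:51023        ESTABLISHED
  TCP    10.0.0.10:443          10.0.0.25:51024        TIME_WAIT
  TCP    10.0.0.10:443          10.0.0.25:51025        ESTABLISHED
  TCP    10.0.0.10:443          10.0.0.25:51026        ESTABLISHED
  TCP    10.0.0.10:443          10.0.0.25:51027        ESTABLISHED
  TCP    10.0.0.10:443          10.0.0.40:60001        ESTABLISHED
  TCP    10.0.0.10:3389         10.0.0.40:60002        ESTABLISHED
  UDP    0.0.0.0:53             *:*
"""

# One netstat row: proto, local endpoint, foreign endpoint, optional state (UDP has none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return (proto, local_ip, local_port, remote_ip, remote_port, state) tuples.

    Endpoints are split on the last ':' so IPv6 forms like [::]:443 still work.
    Header and blank lines are skipped.
    """
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, remote, state = m.groups()
        lip, lport = local.rsplit(":", 1)
        rip, rport = remote.rsplit(":", 1)
        rows.append((proto, lip, lport, rip, rport, state or ""))
    return rows


def connections_per_remote(rows, local_port="443"):
    """Count TCP connections from each remote IP to the given local port.

    The listener row itself and wildcard peers are ignored; TIME_WAIT rows are
    kept because a burst of short-lived connections is part of the abuse pattern.
    """
    counts = Counter()
    for proto, lip, lport, rip, rport, state in rows:
        if proto != "TCP" or lport != local_port:
            continue
        if state == "LISTENING" or rip in ("0.0.0.0", "*", "[::]"):
            continue
        counts[rip] += 1
    return counts


def flag_abusers(counts, threshold=5):
    """Return (remote_ip, count) pairs at or above the threshold, highest first.

    The threshold is an assumed tuning value; baseline it against normal
    client behaviour for the site before relying on it.
    """
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    counts = connections_per_remote(rows)
    for ip, n in flag_abusers(counts):
        print(f"possible IoC: {ip} holds {n} connections to :443")
```

The flagged addresses are candidate IoCs, not verdicts: the next step in the hunt is to correlate them against the firewall and web server logs from the same window and confirm whether the peer is a legitimate client, a scanner, or a host that should be blocked.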
This project uses a multi-VM setup to replicate an enterprise-style infrastructure:
- LAMP: Ubuntu server hosting a web application
- KALI: Debian-based penetration testing system
- DC10: Windows Server 2019 domain controller hosting a secure website
- MS10: Windows Server 2016
- PC10: Windows Server 2019 client
- Threat hunting and IoC analysis
- Firewall and network log analysis
- Identifying suspicious traffic patterns
- Investigating DNS-based anomalies
- Working in enterprise-style multi-VM environments
This project highlights my ability to detect, analyze, and respond to real-world threats in a complex enterprise environment.