Introduction
Hands-on detection engineering and network forensics projects — built from scratch, documented with evidence, and designed to close real gaps.
Each project series follows its own methodology and objectives. Click into a series to see the full progression.
Lab Series

Operation Iron Watch
Type: Blue Team & Detection Engineering
Status: Active (IW01–IW03 completed, IW04 in progress)
A multi-phase SOC lab series built on physical and virtual infrastructure — from first IDS alert to a hardened DMZ with a validated detection pipeline. Each operation identifies a gap and the next one closes it.
Covers: Network architecture, Suricata IDS, Graylog SIEM, rsyslog log pipelines, DDoS detection suite, MITRE ATT&CK mapping.

PCAP Autopsy
Type: Network Forensics & Traffic Analysis
Structured PCAP-based forensic investigations using real-world malware traffic captures. Six-phase methodology: Orientation, Traffic Analysis, IOC Extraction & Enrichment, ATT&CK Mapping, Detection Rule Writing, Report Writing.
Covers: Wireshark, network forensics, IOC analysis, MITRE ATT&CK, detection rule development from forensic findings.