
Project X: Enterprise Attack-Defense Lab


Lab Architecture

Designed and built a self-hosted cybersecurity homelab that replicates a real-world enterprise environment, to gain hands-on experience in both offensive and defensive security operations. The lab simulates cyberattacks with Nmap and other pentesting tools to understand attacker methodologies, while Wazuh provides log aggregation, threat detection, and incident response. This environment enabled practical learning of red team (attacker) and blue team (defender) workflows, strengthening skills in threat hunting, detection engineering, and SIEM management within an enterprise-like network.

Component                 Role
project-x-dc              Windows Server 2019 Domain Controller
project-x-win-client      Windows 10 Workstation
project-x-linux-client    Linux User Endpoint
project-x-email-svr       Email Server (SMTP/IMAP Simulated)
project-x-sec-box         Wazuh SIEM (Rules, Alerts, Dashboards)
project-x-attacker        Attacker Box (Kali Linux)
project-x-sec-work        Blue Team Analyst Workstation

Key Features

  • Active Directory deployed on project-x-dc:
    • Simulates enterprise identity and access management
  • Wazuh SIEM deployed on project-x-sec-box:
    • OSSEC agents on all endpoints
    • Custom detection rules and decoders
    • Alerts mapped to MITRE ATT&CK
  • Simulated Attacks using project-x-attacker:
    • Phishing with credential capture
    • Lateral movement
    • Credential dumping
    • Domain enumeration
  • Detection Engineering:
    • Alert correlation and tuning
    • Filtering false positives
  • Dashboarding:
    • Real-time endpoint alerts
    • Visualizations for host and network activity

Tools Used

  • Oracle VirtualBox (creating VMs to replicate a structured network)
  • Wazuh
  • Kali Linux
  • Windows Event Forwarding
  • Atomic Red Team (Manual Payloads)

Screenshots

(Add screenshots here showing Wazuh dashboards, terminal activity, attack logs, etc.)


Future Plans

  • Add cloud-based logging targets (e.g., S3, Elasticsearch)
  • Integrate Zeek or Suricata for deeper network analysis
  • Simulate ransomware for detection and response testing
  • Integrate a malware sample for malware analysis

Portfolio Use

This project was created as part of my personal cybersecurity portfolio to demonstrate:

  • SIEM setup and tuning
  • Threat detection and alert engineering
  • Blue team and purple team operations

Documentation and live demo available upon request (or when I'm done putting the documentation on here; working on it!!!!)


This post is licensed under CC BY 4.0 by the author.
