SOC Analysis Capstone Project – SoluTech

Project Overview

This project simulated real-world cyberattacks and SOC operations for a mid-sized technology consulting company, SoluTech, which provides cloud services, web hosting, and IT support across Africa. The objective was to simulate attacks, detect incidents, analyze alerts, and produce a structured SOC report to improve SoluTech’s overall security posture.


Objectives

  • Simulate offensive and defensive security operations in a controlled lab environment.
  • Gain hands-on experience using industry-standard SOC tools.
  • Investigate and validate detected security incidents via Wazuh SIEM.
  • Strengthen incident response capabilities through detection, analysis, and remediation.
  • Document findings using SOC reporting standards.

Tools and Technologies

  • Kali Linux – offensive security testing and vulnerability scanning.
  • Wazuh SIEM – log analysis, detection, and alert correlation.
  • pfSense – network segmentation and IP blocking.
  • Ubuntu & Windows 10 – simulated endpoint targets.
  • Nmap, Hydra, Nikto, Dirb – scanning, brute-forcing, and directory enumeration.

Project Scenario

SoluTech recently observed unusual login attempts and suspicious network traffic on several endpoints through its Wazuh dashboard. To improve its detection and response strategy, the SOC team set up a simulated environment to:

  • Launch controlled cyberattacks using tools like Nmap and Hydra.
  • Detect alerts in Wazuh SIEM.
  • Respond to threats by blocking malicious IPs via pfSense.
  • Document findings to inform future security policies.

Workflow

  1. Network Setup
    Configured Kali, Ubuntu, Windows 10, pfSense, and Wazuh in a segmented lab network.
  2. Attack Simulation (Red Teaming)
    Launched controlled attacks including port scanning, brute-force attempts, and SMB/RDP probing.
  3. Detection and Analysis (Blue Teaming)
    Used Wazuh SIEM to detect and investigate suspicious activity, correlating alerts with attacker tools and IPs.
  4. Incident Response
    Blocked malicious IP addresses via pfSense and adjusted firewall rules.
  5. Documentation
    Produced a comprehensive SOC Incident Report including executive summary, attack timeline, screenshots, and remediation recommendations.

Key Findings

  • Brute-Force Login Attempts: Detected and validated multiple failed SSH login attempts.
  • Web Vulnerability Scans: Identified simulated scans targeting hidden directories and outdated services.
  • Lateral Movement Indicators: Alerts showed attempts to exploit SMB shares on Windows endpoints.
  • Network Misconfigurations: Internal resources were exposed and reachable without proper access restrictions.
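The brute-force finding above, together with the detection and incident-response steps in the workflow, can be reproduced in miniature with a small script. The following is an added example written for this page, not code from the SoluTech project, Wazuh, or pfSense: it parses constructed sshd auth.log lines, applies a simple "N failures within a time window" rule per source IP, flags the more urgent case where a successful login follows a burst of failures, and builds a candidate blocklist while excluding a safelist of management hosts so the SOC does not lock itself out. Hostnames, IP addresses, the threshold, the window and the safelist range are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines in syslog format; not taken from the project's Wazuh data.
# 192.168.56.10 plays the attacker, 192.168.56.20 a user mistyping twice, 10.0.0.5 a SOC jump host.
SAMPLE_AUTH_LOG = """\
Mar 12 10:01:03 ubuntu-target sshd[2411]: Failed password for invalid user admin from 192.168.56.10 port 50122 ssh2
Mar 12 10:01:04 ubuntu-target sshd[2411]: Failed password for invalid user admin from 192.168.56.10 port 50123 ssh2
Mar 12 10:01:05 ubuntu-target sshd[2413]: Failed password for root from 192.168.56.10 port 50124 ssh2
Mar 12 10:01:06 ubuntu-target sshd[2415]: Failed password for root from 192.168.56.10 port 50125 ssh2
Mar 12 10:01:07 ubuntu-target sshd[2417]: Failed password for ubuntu from 192.168.56.10 port 50126 ssh2
Mar 12 10:01:09 ubuntu-target sshd[2419]: Accepted password for ubuntu from 192.168.56.10 port 50127 ssh2
Mar 12 10:05:30 ubuntu-target sshd[2500]: Failed password for ubuntu from 192.168.56.20 port 41000 ssh2
Mar 12 10:30:00 ubuntu-target sshd[2600]: Failed password for ubuntu from 192.168.56.20 port 41001 ssh2
Mar 12 10:07:00 ubuntu-target sshd[2510]: Failed password for root from 10.0.0.5 port 39000 ssh2
Mar 12 10:07:01 ubuntu-target sshd[2511]: Failed password for root from 10.0.0.5 port 39001 ssh2
Mar 12 10:07:02 ubuntu-target sshd[2512]: Failed password for root from 10.0.0.5 port 39002 ssh2
Mar 12 10:07:03 ubuntu-target sshd[2513]: Failed password for root from 10.0.0.5 port 39003 ssh2
Mar 12 10:07:04 ubuntu-target sshd[2514]: Failed password for root from 10.0.0.5 port 39004 ssh2
Mar 12 10:09:00 ubuntu-target sshd[2520]: Connection closed by 192.168.56.30 port 22000 [preauth]
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text):
    """Turn raw sshd lines into events; lines that are not password auth results are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; strptime defaults to 1900, which is fine for time deltas
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append({"ts": ts, "result": m.group("result"),
                       "user": m.group("user"), "ip": m.group("ip")})
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Per source IP: total failures, whether `threshold` failures fell inside `window`
    (a brute-force burst), and whether a successful login followed such a burst."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["ip"]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        fails = [e["ts"] for e in evs if e["result"] == "Failed"]  # already in time order
        burst = any(fails[i + threshold - 1] - fails[i] <= window
                    for i in range(len(fails) - threshold + 1))
        success_after_burst = False
        if burst:
            for e in evs:
                if e["result"] == "Accepted":
                    recent = [t for t in fails if e["ts"] - window <= t <= e["ts"]]
                    if len(recent) >= threshold:
                        success_after_burst = True  # escalate: the guessing may have worked
                        break
        findings[ip] = {"failures": len(fails), "bruteforce": burst,
                        "success_after_burst": success_after_burst}
    return findings


def build_blocklist(findings, safelist=("10.0.0.0/24",)):
    """IPs that should be blocked at the firewall, minus safelisted management ranges (assumed).
    Safelisted hosts still appear in `findings` so an analyst reviews them instead."""
    nets = [ipaddress.ip_network(n) for n in safelist]
    blocked = []
    for ip, f in findings.items():
        if not f["bruteforce"]:
            continue
        if any(ipaddress.ip_address(ip) in net for net in nets):
            continue
        blocked.append(ip)
    return sorted(blocked)


if __name__ == "__main__":
    found = detect_bruteforce(parse_auth_log(SAMPLE_AUTH_LOG))
    for ip, f in found.items():
        print(ip, f)
    print("block at pfSense:", build_blocklist(found))
```

The blocklist is the hand-off to step 4 of the workflow: the addresses go into a pfSense alias and a deny rule, which is what the project did manually. The safelist is the caveat worth keeping even in a lab, since a jump host that trips the same rule while an analyst retries a password should be reviewed, not silently cut off.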

Recommendations

  • Enforce Multi-Factor Authentication (MFA) across all endpoints.
  • Implement network segmentation and strict least privilege principles.
  • Regularly monitor logs and set up automated SIEM alerting rules.
  • Conduct security awareness training for employees to reduce phishing risks.
  • Schedule periodic penetration testing to validate defenses.

Learning Outcomes

By completing this project, I gained hands-on experience in:
✅ Conducting controlled red team attacks.
✅ Using Wazuh SIEM to detect and analyze alerts.
✅ Performing effective incident response with pfSense and segmentation.
✅ Writing a structured SOC Incident Report aligned with industry standards.
✅ Understanding attacker methodologies and defensive countermeasures.


Skills Highlighted

Security Operations (SOC)
Threat Detection & Incident Response
SIEM Tools (Wazuh)
Offensive Security (Kali, Hydra, Nmap)
Firewall & Network Segmentation (pfSense)
Professional Security Reporting
