Skip to content

CodeLife01/SOC-Analyst-Lab-Setup

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
Screenshots
Screenshots
 
 
01. Installing Virtualbox on Windows.md
01. Installing Virtualbox on Windows.md
 
 
02. Installing pfsense.md
02. Installing pfsense.md
 
 
03. Installing Windows11 VM.md
03. Installing Windows11 VM.md
 
 
04. Configuring pfSense.md
04. Configuring pfSense.md
 
 
05. Installing Windows Server.md
05. Installing Windows Server.md
 
 
06. Installing & Configuring Active Directory.md
06. Installing & Configuring Active Directory.md
 
 
07. Setting Up Users, Groups & Policies.md
07. Setting Up Users, Groups & Policies.md
 
 
08. Domain Joining.md
08. Domain Joining.md
 
 
09. Installing Metasploitable.md
09. Installing Metasploitable.md
 
 
10. Installing Kali Linux.md
10. Installing Kali Linux.md
 
 
11. Installing Sysmon On Windows11.md
11. Installing Sysmon On Windows11.md
 
 
12. Installing Splunk on Win11.md
12. Installing Splunk on Win11.md
 
 
13. Snapshots.md
13. Snapshots.md
 
 
README.md
README.md
 
 

Repository files navigation

🛡️ SOC Lab Setup

This repository contains the complete architecture and configuration files required to build a simulated Security Operations Center (SOC) environment. The lab provides a practical and controlled setting for both offensive and defensive cybersecurity practices, ideal for red vs blue team training, malware analysis, and SIEM detection testing.

🖼️ Overview

The lab environment is hosted within VirtualBox and segmented into two main networks:

  • Attack LAN – Includes a Kali Linux machine for offensive security operations.
  • ECorp Network – Simulates an enterprise environment with Windows workstations, a domain controller, and vulnerable hosts, monitored via Splunk.

The environment is protected and routed using pfSense, allowing realistic traffic segmentation and firewall configurations.

Network Architecture

📚 Repository Structure

Each phase of the lab setup is documented in separate markdown files for clarity and modularity.

Each document provides step-by-step instructions on installing, configuring, and verifying the components involved in the lab.

Step Guide
1️⃣ Installing Virtual Machine Software
2️⃣ Installing pfSense VM
3️⃣ Installing Windows 11 VM
4️⃣ Configuring pfSense
5️⃣ Installing Windows Server
6️⃣ Installing & Configuring Active Directory
7️⃣ Setting Up Users, Groups, and Policies
8️⃣ Domain Joining (Windows 11)
9️⃣ Installing Metasploitable
🔟 Installing Kali Linux
1️⃣1️⃣ Installing Sysmon on Windows 11
1️⃣2️⃣ Installing Splunk on Windows 11
1️⃣3️⃣ Creating Snapshots

🔧 Key Technologies

  • VirtualBox – Virtualization platform
  • pfSense – Network segmentation & firewall
  • Windows 11 – Endpoint simulation
  • Windows Server – Active Directory & DNS
  • Kali Linux – Red Team activities
  • Metasploitable 2 – Vulnerable target
  • Splunk – Log aggregation and analysis
  • Sysmon – Host-based telemetry for detection

🎯 Learning Objectives

  • Simulate real-world cyber attacks and defensive responses
  • Monitor endpoint behavior using Sysmon and Splunk
  • Understand Active Directory structure and group policy enforcement
  • Practice domain joining, log forwarding, and alert correlation
  • Train for Blue, Red, and Purple Team operations

📝 Usage Notes

  • Ensure sufficient hardware resources (RAM, CPU, and disk) to run multiple VMs simultaneously.
  • Always snapshot your VMs after each major milestone for quick recovery.
  • This lab is for educational purposes only. Do not expose it to the internet or use it for unauthorized testing.

📝 Clone this repository:

git clone https://github.com/CodeLife01/SOC-Analyst-Lab-Setup.git
cd SOC-Analyst-Lab-Setup

📜 License

This project is open-source and intended for educational and non-commercial use only.

🙋‍♂️ Author

Sadeeq Muhammad
Cybersecurity Researcher | SOC Engineer
GitHub

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published