SIEM and Endpoint Protection Setup

About Wazuh

For my SIEM and endpoint protection, I will be using Wazuh. Wazuh is an open source platform that provides threat detection, incident response, and compliance monitoring. As a SIEM, Wazuh offers the following features:

- Centralized Log Management
- Compliance Auditing
- Real-time Threat Intelligence
- File Integrity Monitoring

These features will allow me to keep this lab simple and easy to manage.

Wazuh Manager Installation

For a simple deployment, I am using the pre-made OVA file that is available from Wazuh. The download for this OVA file can be found here. After properly importing it into VMware, you can access the UI through a web browser using the default credentials. Make sure that the virtual machine is given a static/reserved IP. ...

February 15, 2025

Windows Server and Endpoints

This post will go over what I have done so far with the Windows Server and 3 endpoint devices. Currently I have 3 devices: two are running Windows 10 and the other is running Windows 7. As of this post, all that has been done is setting up a Domain Controller, DNS, and Active Directory groups and users. I do plan on doing Group Policy in the future.

Windows Server 2022

I will be using Windows Server 2022 as the Domain Controller to run Active Directory and handle DNS. Microsoft allows you to rearm the evaluation license 6 times for a total of 3 years. ...

December 29, 2024

Home Lab Overview

In this blog, I will be detailing the setup and configuration of my home lab, which serves as an essential tool for learning key Blue Team security topics. My focus will be on mastering areas such as Security Information and Event Management (SIEMs), Intrusion Detection/Prevention Systems (IDS/IPS), and Endpoint Detection and Response (EDR). By simulating real-world environments, this lab will help me understand how to detect, analyze, and respond to security incidents. ...

November 20, 2024