<aside> 🔖

Table of Contents

</aside>

Project Summary

Project Title: Designing a Full-Stack SOC Lab with Splunk | Building Detection, Alerting and Investigation Workflows Against Simulated Attacks.

Platform: On-Premises Hyper-V Lab Environment

Project Scope: Full end-to-end detection pipeline using Windows, Linux, and Splunk

Author: Athanasios Oikonomopoulos / B4ckD00rR4t

This project was developed to simulate a complete SOC environment, integrating detection engineering, alerting, and analyst triage. The lab was fully self-hosted using Hyper-V, and consisted of four virtual machines: a Splunk SIEM server (Ubuntu), a Windows 10 victim, a Kali Linux attacker, and a SOC Analyst workstation.

Throughout the project, I:

• Designed and deployed a virtual SOC infrastructure with static IP addressing, network segmentation, and controlled traffic paths
• Installed and configured Splunk Enterprise and Universal Forwarder, collecting Windows IIS logs in real time
• Set up a honeypot page (/customer-data-dump.html) to simulate attacker reconnaissance and log triggering
• Created real-time alerts using Splunk’s Triggered Alerts and SMTP email notifications
• Simulated attacker activity with tools like curl, wget, and nmap to validate detection logic
• Built a custom Splunk dashboard to monitor and visualize honeypot access events for rapid SOC triage
• Mapped detection use cases to MITRE ATT&CK techniques, to better understand adversary behavior and structure my detection logic around real-world tactics and procedures

Every phase, from infrastructure to alert validation, was documented step-by-step, highlighting key decisions, configurations, and lessons learned during the build.

This project demonstrates my ability to construct a functioning SOC pipeline from scratch, integrate log sources, write SPL for triage, simulate threats, and operationalize detection logic in a hands-on, blue team setting. The skills practiced here are directly applicable to roles in detection engineering, SOC analysis, and security monitoring.

Whether you're a fellow student, blue teamer, or security professional reviewing this as part of my portfolio, I invite you to explore my approach and methodology. It reflects my technical capabilities, investigative mindset, and dedication to mastering practical, real-world cybersecurity operations.