Abstract
This was a half-semester-long group project that I completed collaboratively with Brock Byard and Jacob Derenzy. The primary goal of our project was to simulate the environment of a security operations center (SOC) by deploying tools to detect, record, and investigate suspicious network activity.
Some major components of the project included:
- Renting a Proxmox host accessible via the Internet
- Securing the Proxmox host against unauthorized access from the Internet
- Configuring the virtual network and machines
- Deploying a standalone Security Onion SIEM
- Installing guest operating systems and Elastic endpoint agents
- Setting up a live honeypot system
- Using attacker machines to exploit vulnerabilities
- Investigating the captured traffic to determine whether malicious activity had occurred
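As an added illustration of the last step (this is example code written for this page, not the project's own tooling), the script below runs two simple analyst checks over Zeek conn.log records of the kind a Security Onion sensor forwards to Elasticsearch: a horizontal port scan against a single host, and a burst of SSH connections that looks like a password-guessing attack on the honeypot. The log lines, IP addresses, and detection thresholds are all constructed assumptions for the example.

```python
# Added example, not part of the original project: two SOC-style checks over
# Zeek conn.log records (JSON lines, the form Security Onion ships to Elastic).
# Sample data below is constructed for this example; 10.10.10.5 plays the honeypot.
import json
from collections import defaultdict

# Constructed sample conn.log: one scanner (203.0.113.7) probing 11 ports with no
# reply (conn_state S0), one SSH brute-forcer (198.51.100.9), and benign web traffic.
SAMPLE_CONN_LOG = """\
{"ts":1700000000.0,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":21,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.1,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":22,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.2,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":23,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.3,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":25,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.4,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":80,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.5,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":110,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.6,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":143,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.7,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":443,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.8,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":445,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.9,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":3389,"proto":"tcp","conn_state":"S0"}
{"ts":1700000001.0,"id.orig_h":"203.0.113.7","id.resp_h":"10.10.10.5","id.resp_p":8080,"proto":"tcp","conn_state":"S0"}
{"ts":1700000050.0,"id.orig_h":"10.10.10.20","id.resp_h":"10.10.10.5","id.resp_p":80,"proto":"tcp","conn_state":"SF"}
{"ts":1700000055.0,"id.orig_h":"10.10.10.20","id.resp_h":"10.10.10.5","id.resp_p":80,"proto":"tcp","conn_state":"SF"}
{"ts":1700000100.0,"id.orig_h":"198.51.100.9","id.resp_h":"10.10.10.5","id.resp_p":22,"proto":"tcp","conn_state":"SF"}
{"ts":1700000105.0,"id.orig_h":"198.51.100.9","id.resp_h":"10.10.10.5","id.resp_p":22,"proto":"tcp","conn_state":"SF"}
{"ts":1700000110.0,"id.orig_h":"198.51.100.9","id.resp_h":"10.10.10.5","id.resp_p":22,"proto":"tcp","conn_state":"SF"}
{"ts":1700000115.0,"id.orig_h":"198.51.100.9","id.resp_h":"10.10.10.5","id.resp_p":22,"proto":"tcp","conn_state":"SF"}
{"ts":1700000120.0,"id.orig_h":"198.51.100.9","id.resp_h":"10.10.10.5","id.resp_p":22,"proto":"tcp","conn_state":"SF"}
{"ts":1700000125.0,"id.orig_h":"198.51.100.9","id.resp_h":"10.10.10.5","id.resp_p":22,"proto":"tcp","conn_state":"SF"}
"""

# Zeek conn_state values meaning the TCP handshake never completed.
UNANSWERED_STATES = {"S0", "REJ", "RSTOS0"}


def parse_conn_log(text):
    """Parse JSON-lines conn.log text into a list of dicts, skipping blanks/comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        records.append(json.loads(line))
    return records


def detect_port_scan(records, min_ports=10):
    """Flag sources that touched >= min_ports distinct ports without completing a handshake.

    Returns {source_ip: sorted list of probed ports}. Threshold is an assumption.
    """
    ports_by_src = defaultdict(set)
    for r in records:
        if r.get("conn_state") in UNANSWERED_STATES:
            ports_by_src[r["id.orig_h"]].add(int(r["id.resp_p"]))
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


def detect_ssh_bruteforce(records, min_attempts=5, window_s=60.0):
    """Flag sources with >= min_attempts SSH connections inside any window_s-second window.

    Returns {source_ip: max connections seen in one window}. Thresholds are assumptions.
    """
    times_by_src = defaultdict(list)
    for r in records:
        if r.get("proto") == "tcp" and int(r.get("id.resp_p", 0)) == 22:
            times_by_src[r["id.orig_h"]].append(float(r["ts"]))
    hits = {}
    for src, times in times_by_src.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_attempts:
            hits[src] = best
    return hits


def analyze(text):
    """Run both checks and return findings as a list of dicts, sorted for stable output."""
    records = parse_conn_log(text)
    findings = []
    for src, ports in detect_port_scan(records).items():
        findings.append({"type": "port_scan", "src": src, "ports": ports})
    for src, count in detect_ssh_bruteforce(records).items():
        findings.append({"type": "ssh_bruteforce", "src": src, "attempts": count})
    return sorted(findings, key=lambda f: (f["type"], f["src"]))


if __name__ == "__main__":
    for finding in analyze(SAMPLE_CONN_LOG):
        print(finding)
```

Both checks key on the originating host rather than on a single connection, which is why the honeypot's benign web client is never flagged: it completes its handshakes and only ever touches one port. In a real deployment the same logic would run as a saved search or rule in the SIEM rather than as a script, and the thresholds would be tuned to the network's normal traffic.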
The slides and demonstration video that were created for our presentation are included below.
Preview
[pdf]