Cloud-native threat hunting case study using Splunk Cloud to detect MITRE ATT&CK T1003.001 (LSASS Memory Dumping). Features custom SPL and runtime regex (rex) log parsing of raw Sysmon tele...

A structured DFIR playbook for analyzing memory dumps using Volatility 3. This repository provides a question-driven workflow for investigating volatile memory artifacts, suspicious processes, netw...

Built an enterprise SOC homelab using ELK Stack, Active Directory, Sysmon, and Winlogbeat for centralized log monitoring and threat detection. Simulated real-world attacks including brute force, re...

Hands-on Endpoint Detection & Response (EDR) lab using LimaCharlie to simulate and investigate LSASS credential dumping activity, endpoint telemetry, and SOC investigation workflows. - omcy...

Simulated internal Active Directory penetration test demonstrating enumeration, lateral movement, credential dumping, and full domain compromise in a VMware lab environment. - JOHNNY210702/Pentest-...

Critical concepts demonstrated: Kerberoasting, AS-REP roasting, DCSync BloodHound attack path analysis Lateral movement (PSExec, WMI, WinRM) Credential dumping (LSASS, SAM) - vetementsvmnts/-Active...

A structured DFIR playbook for analyzing memory dumps using Volatility 3. This repository provides a question-driven workflow for investigating volatile memory artifacts, suspicious processes, netw...

Windows 10 exploitation and privilege escalation lab using SMB enumeration, remote command execution, credential dumping, and NTLM hash cracking. - ajx77/Windows10-Privilege-Escalation-Lab

End-to-end incident response simulation: T1003.001 LSASS credential dumping detection & remediation with Wazuh SIEM and formal incident report - gaurav-koshti-CySA/Incident-Response-lab

This repository is my university project about simulating credential dumping and privilege escalation in a Windows Active Directory environment - KiMiRoTa/Windows-10-Crendential-Attack-Pentesting

Built and exploited a self-hosted Active Diretory Lab Simulation real-world attack scenarios including enumeration, lateral movement, and credential dumping. - ajx77/Active-Directory-Pentest-Lab

Built and validated a Splunk detection for PowerShell or cmd activity executing from or referencing a temporary directory where the command line references an LSASS dump file (lsass.DMP). This beh...

This repository is my university project about simulating credential dumping and privilege escalation in a Windows Active Directory environment - KiMiRoTa/Windows-10-Crendential-Attack-Pentesting

This repository is my university project about simulating credential dumping and privilege escalation in a Windows Active Directory environment - KiMiRoTa/WIndows-Crendential-Attack-Lab

Monitoring Windows (Sysmon) and Debian VMs. I use Wazuh to parse and filter telemetry before forwarding to Splunk, keeping the daily volume under the 500MB license limit. Focuses on efficient index...

It covers everything from initial network attacks like LLMNR poisoning and SMB relay, all the way through to post-compromise techniques including Kerberoasting, token impersonation, credential dump...

Comprehensive mapping of Active Directory (AD) attacks to the MITRE ATT&CK® framework. Covers TTPs for credential dumping, lateral movement, persistence, and privilege escalation with detec...

SOC-style investigation of a compromised Windows system (TryHackMe lab), identifying credential dumping (Mimikatz), attacker tooling, and post-exploitation activity. - Friendlyfoldman/soc-investiga...