Stop studying.
Start detecting.

The entry-level cybersecurity resource hub built by someone still in the trenches. Hands-on lab configs, KQL queries, detection rules, resume templates, and a curated job board for the Baltimore-DC corridor and beyond.

Get the SOC Starter Kit — $49
Browse Free Labs ↓
// Hands-on Labs

Real configs. Real attacks. Real detections.

Every lab comes with full setup instructions, config files, MITRE ATT&CK mappings, and detection rules you can deploy in your own environment.

LAB-001 · FREE

Wazuh Mini SOC Lab

Full SOC environment with Wazuh manager, agents, and custom correlation rules. Detect brute force, privilege escalation, and lateral movement.

SIEM · MITRE ATT&CK · Ubuntu

LAB-002 · FREE

Active Directory Attack & Defense

Build a vulnerable AD environment, attack it with real TTPs, then defend it. Covers Kerberoasting, AS-REP roasting, DCSync, and Golden Ticket.

AD · Kerberoasting · BloodHound

LAB-003 · FREE

Vulnerability Management with Nessus + Azure

Spin up vulnerable Azure VMs, scan with Tenable Nessus, prioritize findings, and document the remediation lifecycle.

Nessus · Azure VMs · Remediation

LAB-004 · KIT

Azure Sentinel Detection Engineering

Ingest logs into Azure Sentinel, write KQL queries, build analytics rules, and create automated playbooks for incident response.

KQL · Sentinel · Analytics Rules

LAB-005 · KIT

SOC Analyst Triage Simulator

Practice real alert triage workflows. Analyze PCAPs, correlate log sources, determine true vs false positives, and write incident reports.

Incident Response · Triage · PCAP

LAB-006 · KIT

OT/ICS Security Foundations

Introduction to OT/ICS security concepts. Covers Purdue Model, SCADA protocols, and critical infrastructure threat landscape.

SCADA · Modbus · NIST 800-82

// Detection Library

KQL queries you can actually use.

Copy-paste detection rules mapped to MITRE ATT&CK. Each one tested in a live Sentinel workspace.

detection_rules.kql

Rule                                          Severity   MITRE ATT&CK
Brute Force RDP Detection                     HIGH       T1110.001
Suspicious PowerShell Execution               CRITICAL   T1059.001
Kerberoasting Activity                        HIGH       T1558.003
Lateral Movement via PsExec                   CRITICAL   T1021.002
Data Exfiltration over DNS                    MEDIUM     T1048.003
Privilege Escalation via Token Manipulation   HIGH       T1134.001

View all 50+ rules →

// The Kit

SOC Starter Kit

Everything I wish I had when I started. Lab configs, detection rules, job search templates, interview prep, all in one bundle.

📦 Full Lab Configs: Docker compose files, Wazuh configs, Sentinel templates
🔍 50+ KQL Detection Rules: Tested queries mapped to MITRE ATT&CK techniques
📄 Resume + Cover Letter Templates: Tailored for SOC/IR/OT roles with NIST and MITRE framing
🎯 Interview Prep Pack: Scenario-based questions, triage walkthroughs, log analysis exercises
🗺️ Cert Roadmap: Priority-ranked certification path (Security+, SC-200, CySA+, and beyond)
Claude Code Security Skills: Pre-built skill files for cybersecurity workflows and automation

$49 one-time

Instant download. Lifetime updates. No subscription.

Get weekly dispatches from the SOC grind.

New detection rules, lab writeups, job market intel, and what I'm learning each week.