demo-soc
Demo SOC — Simulated Security Operations Center
A compact, hands-on SOC lab showcasing centralized logging, IDS/IPS detection, WAF-like filtering, and incident handling across a multi-OS environment.
Pages
- Report: reports/GalievNguenZevadskii_report.md
- Demo video: recordings/GalievNguenZavadskii-demo.mp4
Tech Badges
Core Stack:
Platforms & Infra:
Attack & Test Tooling:
Overview
- Centralized event collection and correlation with
Wazuh(SIEM) - Network-level detection/prevention with
SuricataIDS/IPS (incl. anti-XSS rules) - Request routing and basic WAF-like filtering via
Nginx - PoC attacks: SSH brute-force, SMB auth attempts, XSS against Juice Shop
- Multi-OS lab: Ubuntu + Windows + ParrotOS with DNS-esque routing via hosts files
Quick Start
- Nginx config:
configs/nginx.conf - Suricata rules (XSS PoC):
configs/xss.rules - Wazuh agent configs:
- Ubuntu:
configs/ubuntu/ossec.conf - Windows:
configs/windows/ossec.conf
- Ubuntu:
- Hosts entries used for name resolution:
- Ubuntu/Parrot:
configs/ubuntu/hosts - Windows:
configs/windows/hosts
- Ubuntu/Parrot:
Authors
- Galiev Arsen — a.galiev@innopolis.university
- Nguen Ilya-Linh — i.nguen@innopolis.university
- Zavadskii Peter — p.zavadskii@innopolis.university
Why This Lab
This tested emphasizes the importance of centralized telemetry and layered defenses. It provides a reproducible foundation for expanding into SOAR, CTI integration, and hybrid cloud deployments while validating detection logic with realistic attack simulations.