SOC Analyst Home Lab Guide

£5.00

SOC Analyst Home Lab Build Guide — £5.00

Build a complete Security Operations Centre at home with step-by-step instructions, exact commands, and every tool download link. Four machines. One network. Real attacks. Real detections.

7 guided build steps: VirtualBox hypervisor setup, isolated network configuration, Wazuh SIEM/EDR server deployment, Windows Server target with Sysmon and advanced logging, Wazuh agent connection, Kali Linux attack machine, and pfSense firewall with network segmentation.

10 custom detection rules targeting brute force, privilege escalation, suspicious PowerShell, new service installation, lateral movement, and account creation. Each rule includes the Windows Event ID it monitors and the attack technique it catches.

6 attack-and-detect exercises including network reconnaissance, brute force, credential harvesting, suspicious PowerShell execution, privilege escalation, and a full incident response simulation with a professional IR report.

Includes a Windows Event ID reference guide, GitHub documentation template with repository structure, and Level 2/3 advanced additions (MITRE ATT&CK mapping, TheHive/Cortex SOAR, YARA rules).

Total cost: £0. Every tool is free and open source. Hardware required: any PC with 16GB RAM.

The lab that gets you hired. The project that hiring managers ask you to walk through in every interview.

Pairs with the SOC Analyst Blueprint video on YouTube (free) and the SOC Analyst Skill Matrix.

SOC Analyst Home Lab Build Guide — £5.00

Build a complete Security Operations Centre at home with step-by-step instructions, exact commands, and every tool download link. Four machines. One network. Real attacks. Real detections.

7 guided build steps: VirtualBox hypervisor setup, isolated network configuration, Wazuh SIEM/EDR server deployment, Windows Server target with Sysmon and advanced logging, Wazuh agent connection, Kali Linux attack machine, and pfSense firewall with network segmentation.

10 custom detection rules targeting brute force, privilege escalation, suspicious PowerShell, new service installation, lateral movement, and account creation. Each rule includes the Windows Event ID it monitors and the attack technique it catches.

6 attack-and-detect exercises including network reconnaissance, brute force, credential harvesting, suspicious PowerShell execution, privilege escalation, and a full incident response simulation with a professional IR report.

Includes a Windows Event ID reference guide, GitHub documentation template with repository structure, and Level 2/3 advanced additions (MITRE ATT&CK mapping, TheHive/Cortex SOAR, YARA rules).

Total cost: £0. Every tool is free and open source. Hardware required: any PC with 16GB RAM.

The lab that gets you hired. The project that hiring managers ask you to walk through in every interview.

Pairs with the SOC Analyst Blueprint video on YouTube (free) and the SOC Analyst Skill Matrix.