SIEM Testbed Implementation

The SIEM Testbed Implementation was a research project aimed at investigating how the use of a SIEM tool may benefit students throughout their study in undergrad and postgrad degrees.

Students will gain experience using Spunk for log analysis, and by using the Atomic Red Team to test and generate log telemetry.



Research Document

This document containing the research that I performed throughout the year, while working on my project.

Functional Specification

This document defines my project, sets out what I want to achieve and contains my project plan.

Project Report

This document is the final report the demonstrates what I have learned and what I developed over the course of my project.

Lab Exercises

  • Lab Introduction

    An introduction to the lab implementation and the various tools and technologies that are included.

    Read More »

  • Lab Exercise 01

    T1027: Obfuscated Files or Information

    This lab covers how obfuscation is commonly used to avoid detection.

    Read More »

  • Lab Exercise 02

    T1059: Command and Scripting Interpreter

    This lab covers how adversaries often use commands executed through shells such as PowerShell or CMD.

    Read More »

  • Lab Exercise 03

    T1047: Windows Management Instrumentation

    This lab covers how the WMI is often used during the reconnaissance phase of an attack.

    Read More »

  • Lab Exercise 04

    T1105: Ingress Tool Transfer

    This lab covers how adversaries often import malicious DLLs and other tools that will facilitate further exploits and persistence.

    Read More »

  • Lab Exercise 05

    T1218: Signed Binary Proxy Execution

    This exercise covers how Rundll32 can be abused to execute malicious DLLs.

    Read More »

Lab Exercise Demonstration Videos

  • Lab 01: Obfuscated Files or Information
  • Lab 02: Command and Scripting Interpreter
  • Lab 03: Windows Management Instrumentation
  • Lab 04: Ingress Tool Transfer
  • Lab 05: Signed Binary Proxy Execution