Hands-on Blue Team environment for learning and documenting cybersecurity detection, response, and hardening techniques.
This repo tracks configurations, tools, and use cases from my practical homelab, focusing on SIEM, threat detection, and incident response.
I'm Raoul, a Lab Engineer with a background in networking and virtualization, now building a Blue Team-focused cybersecurity homelab.
My goal is to develop practical, hands-on skills in SIEM deployment, endpoint monitoring, and log correlation, while documenting every setup step for transparency and reproducibility.
This repository serves as my structured learning journal, covering topics ranging from building a secure Windows domain to detecting simulated attacks using open-source tools.
Based in Romania | Learning through real-world simulation
Focus: Threat detection, system hardening, and incident response across hybrid environments.
- Proxmox - Virtualization host for lab infrastructure
- Windows AD / Sysmon / Winlogbeat - Domain, endpoint, and event telemetry
- Wazuh - SIEM, EDR, and log analysis
- Docker - Containerized tooling (ELK, TheHive, Cortex, Security Onion)
- Grafana / Loki / Prometheus - Observability and metrics correlation
- Atomic Red Team / Caldera / Sigma Rules - Adversary simulation and detection logic
- Suricata / Zeek - Network-based detection
GitHub: @raoulmoise
LinkedIn: https://www.linkedin.com/in/raoul-moise-7b7005174/
"Consistency over pressure. Precision over panic."
This is an ongoing systems-building lab, not a motivational sprint.