GitHub: ktalons/talonsoclab
# TalonSocLab
**Personal SOC home lab** — flagship portfolio project by [Kyle Versluis](https://ktalons.github.io/).
A single coherent home SOC built in four phases over 10 weeks. Each phase ships independently with its own folder, README, architecture diagram, and lessons-learned write-up. By the end this will be a working end-to-end example of "I can run a small SOC."
## Phases
| Phase | Window | Deliverable |
|---|---|---|
| **A — Foundation SOC Stack** | May 20 – Jun 9 | Wazuh + Sysmon + Suricata + pfSense on Proxmox with custom dashboards |
| **B — Detection Engineering & Threat Hunting** | Jun 3 – Jun 23 | Sigma rule pack validated against Atomic Red Team + MITRE ATT&CK coverage map |
| **C — AD Attack & Defense** | Jun 17 – Jul 21 | GOAD-style AD lab + top-5 AD attack detection chain + purple-team report |
| **D — Honeynet + Threat Intel Pipeline** | Jul 1 – Aug 4 | T-Pot → OpenCTI with automated AbuseIPDB + VirusTotal enrichment |
## Status
🟠 **Under construction** — Phase A targeted for June 9. Repo will fill in as each phase ships.
## Why I'm building it
I have strong CTF and OT SOC experience, but no public home-lab artifact a hiring manager can click on. TalonSocLab fixes that — particularly relevant for senior SOC and federal detection-engineering roles, where end-to-end SOC capability needs to be visibly demonstrated, not just described.