Welcome to my cybersecurity portfolio. This repository highlights hands-on projects across detection engineering, SIEM analysis, threat hunting, network security monitoring, vulnerability management, web application security, phishing simulation, and password security.
Each project includes documented workflows, screenshots, findings, and analysis, and uses industry security tools such as Splunk, Zeek, Sysmon, Wireshark, Wazuh, Nessus, GoPhish, and Kali Linux to demonstrate practical skills across offensive security, defensive operations, and security monitoring.
## Projects
| Project | Description |
| --- | --- |
| Detection Engineering: Sigma + Wazuh Lab | Developed and tested detection logic using Sigma rules and Wazuh to identify suspicious activity, validate alerts, and map detections to real-world security use cases. |
| Nessus Vulnerability Management Lab | Performed vulnerability scanning with Nessus, analyzed findings, prioritized risk, and documented remediation recommendations using a vulnerability management workflow. |
| Wazuh SIEM Home Lab: Mini SOC Environment | Built a Wazuh-based mini SOC environment using Ubuntu, Windows, and Kali Linux to collect endpoint logs, analyze alerts, and map activity to MITRE ATT&CK techniques. |
| OWASP Juice Shop Web App Pentest | Conducted a web application penetration test against OWASP Juice Shop to identify common vulnerabilities, document exploitation steps, and provide security recommendations. |
| GoPhish Phishing Simulation Lab | Built a phishing simulation lab using GoPhish to create campaigns, track user interaction, analyze results, and document security awareness training outcomes. |
| Password Cracking & Policy Analysis Lab | Used password auditing techniques to evaluate password strength, analyze weak password patterns, and connect cracking results to stronger password policy recommendations. |
| Active Directory Attack & Defense Lab | Created an Active Directory lab focused on enterprise attack paths, Windows security monitoring, credential-based attacks, and defensive detection strategies. |
| Malware Traffic Analysis Lab | Analyzed suspicious network traffic using Wireshark and PCAP files to identify indicators of compromise, malicious communication patterns, and infected host behavior. |
| Sysmon + Splunk Threat Hunting Lab | Configured Sysmon and Splunk Enterprise to collect Windows telemetry, investigate suspicious activity, and build practical threat-hunting searches. |
| Zeek + Splunk Network Threat Hunting Lab | Built a Zeek + Splunk threat hunting lab to analyze malicious network traffic and investigate suspicious DNS, HTTP, and external IP activity. |
| More Projects Coming Soon | Additional cybersecurity labs will be added as they are completed, documented, and published. |
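The detection-engineering entries above (Sigma + Wazuh, Sysmon + Splunk) describe the workflow but not what a rule actually does when it runs. The following is an added illustration, not one of the portfolio's lab projects: a minimal evaluator for a Sigma-style process-creation rule, run over constructed Sysmon Event ID 1 records. The rule, the `monitoring-agent.exe` exclusion, the user names and the file paths are all made up for the example. Real Sigma rules are YAML and are converted to Wazuh or Splunk queries with a backend such as pySigma rather than evaluated in Python; the rule is written as a dict here so the script runs with the standard library alone.

```python
"""Evaluate a Sigma-style rule over constructed Sysmon process-creation events.

Added illustration, not one of the portfolio's labs. Mirrors Sigma's
logsource / detection / condition layout; supports the modifiers
contains, startswith, endswith and re, and the condition forms
"<selection>" and "<selection> and not <filter>".
"""
import re

# Constructed rule: PowerShell started with an encoded command line.
# Field names follow Sysmon Event ID 1 (process creation).
RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-EncodedCommand", "-ec "],
        },
        "filter_known_agent": {
            # Hypothetical management agent known to launch encoded PowerShell.
            "ParentImage|endswith": "\\monitoring-agent.exe",
        },
        "condition": "selection and not filter_known_agent",
    },
    "tags": ["attack.execution", "attack.t1059.001",
             "attack.defense-evasion", "attack.t1027"],
}


def _match_value(modifier, actual, expected):
    """Compare one event value with one rule value (case-insensitive, as Sigma)."""
    a, e = str(actual).lower(), str(expected).lower()
    if modifier is None:
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "re":
        return re.search(str(expected), str(actual)) is not None
    raise ValueError(f"unsupported modifier: {modifier}")


def _match_selection(selection, event):
    """Every field in a selection must match (AND); a list of values is OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(modifier or None, event[field], v) for v in values):
            return False
    return True


def evaluate(rule, event):
    """True when the rule's condition holds for this event."""
    det = rule["detection"]
    cond = det["condition"].split()
    if len(cond) == 1:
        return _match_selection(det[cond[0]], event)
    if len(cond) == 4 and cond[1:3] == ["and", "not"]:
        return (_match_selection(det[cond[0]], event)
                and not _match_selection(det[cond[3]], event))
    raise ValueError(f"unsupported condition: {det['condition']}")


def run(rule, events):
    """Return one alert per matching event, carrying the ATT&CK tags for triage."""
    return [{"rule": rule["title"], "tags": rule["tags"], "user": ev.get("User"),
             "parent": ev.get("ParentImage"), "command_line": ev.get("CommandLine")}
            for ev in events if evaluate(rule, ev)]


PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

# Constructed Sysmon Event ID 1 records, not real telemetry.
EVENTS = [
    # 0: Word spawning encoded PowerShell -> expected true positive
    {"EventID": 1, "Image": PS, "User": "CORP\\alice",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "CommandLine": "powershell.exe -NoP -W Hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    # 1: scheduled script, no encoding -> expected no alert
    {"EventID": 1, "Image": PS, "User": "CORP\\svc_backup",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    # 2: encoded, but from the excluded agent -> suppressed by the filter
    {"EventID": 1, "Image": PS, "User": "NT AUTHORITY\\SYSTEM",
     "ParentImage": "C:\\Program Files\\Agent\\monitoring-agent.exe",
     "CommandLine": "powershell.exe -EncodedCommand RwBlAHQALQBTAGUAcgB2AGkAYwBlAA=="},
    # 3: unrelated process -> no alert
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\bob",
     "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe /c whoami"},
    # 4: PowerShell 7 binary with encoded command -> missed: Image is pwsh.exe
    {"EventID": 1, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe", "User": "CORP\\alice",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "pwsh.exe -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
]

if __name__ == "__main__":
    for alert in run(RULE, EVENTS):
        print(alert["rule"], "|", alert["user"], "|", alert["command_line"])
```

Running it yields exactly one alert, for the Word-spawned encoded command. The other records show what alert validation is for: the benign backup script and the excluded agent stay quiet as intended, but event 4 passes unnoticed because the selection only covers `powershell.exe` and not `pwsh.exe`. That is the kind of coverage gap a validation pass against constructed true-positive and true-negative events surfaces before a rule is shipped to the SIEM.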
## Skills Demonstrated
* Detection engineering
* SIEM deployment and alert analysis
* Sigma rule creation and validation
* Threat hunting with Splunk
* Endpoint telemetry analysis with Sysmon
* Network telemetry analysis with Zeek
* Network traffic analysis with Wireshark
* Vulnerability scanning and remediation planning
* Web application penetration testing
* Phishing simulation and security awareness
* Password auditing and policy analysis
* Windows event log monitoring
* DNS and HTTP traffic analysis
* Active Directory security concepts
* MITRE ATT&CK mapping
* Incident response documentation
* Cybersecurity reporting and portfolio documentation
## Tools & Technologies