```text
╔══════════════════════════════════════════════════════════════════╗
║ ██████╗ ██╗ ██╗██████╗ ██████╗ █████╗ ██████╗ ██████╗ ║
║ ██╔══██╗██║ ██║██╔══██╗██╔════╝ ██╔══██╗ ██╔══██╗╚════██╗ ║
║ ██║ ██║██║ ██║██████╔╝██║ ███╗███████║ ██████╔╝ █████╔╝ ║
║ ██║ ██║██║ ██║██╔══██╗██║ ██║██╔══██║ ██╔═══╝ ██╔═══╝ ║
║ ██████╔╝╚██████╔╝██║ ██║╚██████╔╝██║ ██║ ██║ ███████╗ ║
║ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝ ║
╚══════════════════════════════════════════════════════════════════╝
```
SOC Analyst · Threat Hunter · Defender in Training
```text
$ cat /etc/analyst-profile.conf
NAME = "Koyya Naga Durga Prasad"
ROLE = "Aspiring SOC Analyst"
LOCATION = "India"
EDUCATION = "B.Tech CSE — Krishna University (2021–2025) | CGPA: 8.0"
GATE = "QUALIFIED — 2025"
MISSION = "Understand how attackers think. Build defenses that catch them."
STATUS = "Actively learning | Building labs | Chasing certs"
```

🎯 My approach: Don't just study theory — build labs, simulate attacks, analyze logs. Every project here reflects a real SOC workflow or defensive technique.
| 🛡️ SOC Operations | 🔧 Security Tools | 📐 Frameworks |
|---|---|---|
| Alert Triage | Splunk SIEM | MITRE ATT&CK |
| Log Analysis | Wireshark | Cyber Kill Chain |
| Incident Investigation | Kali Linux | NIST IR Lifecycle |
| Threat Detection | Nmap · Nessus | Diamond Model |
| Phishing Analysis | Burp Suite | OWASP Top 10 |
| IOC Extraction | VirusTotal | STRIDE |
Simulating a real Security Operations Center from scratch
```text
📁 soc-mini-homelab/
├── 🖥️ Splunk SIEM → Ingestion, parsing, dashboards
├── 🐧 Kali Linux → Attack simulation (scans, brute-force)
├── 🪟 Windows 11 → Log source + Splunk Universal Forwarder
├── 🌐 Ubuntu Server → Additional log endpoint
└── 📊 SOC Dashboard → Real-time alert monitoring
```
What I built:
- ✅ Windows event log collection via Splunk Universal Forwarder
- ✅ Authentication monitoring & anomaly detection rules
- ✅ Live attack simulation → trace analysis pipeline
- ✅ Custom SOC dashboards with alert correlation
Full phishing analysis workflow — from raw email to threat report
```text
📁 phishing-investigation/
├── 📧 Header Analysis → Sender spoofing, relay hops, X-headers
├── 🔍 IOC Extraction → IPs, URLs, hashes, domains
├── 🌐 Domain Intelligence → WHOIS, VirusTotal, URLScan
└── 🗺️ ATT&CK Mapping → T1566.001 — Spearphishing Attachment
```
Techniques covered:
- ✅ Email header forensics & spoofing detection
- ✅ URL defanging & sandbox detonation workflow
- ✅ Threat intel correlation (VirusTotal / AbuseIPDB)
- ✅ Full investigation report with ATT&CK technique mapping
Understand malware from the inside out — to defend against it
```text
📁 keyboard-monitoring-lab/
├── 🐍 Python Keylogger → Behavior simulation (educational)
├── 🔬 Behavior Analysis → Data capture, exfiltration simulation
└── 🛡️ Detection Strategy → EDR indicators, process monitoring
```
What I learned:
- ✅ How keyloggers operate at the OS level
- ✅ Defensive indicators: process names, registry keys, network calls
- ✅ Detection logic applicable to SIEM/EDR environments
```text
[✅ COMPLETED  ] GATE 2025 — Computer Science & IT
[🔄 IN PROGRESS] CompTIA Security+ (SY0-701)
[🎯 NEXT TARGET] CompTIA CySA+ / Blue Team Labs / TryHackMe SOC Level 1
```

```text
[2025-xx-xx] 🔵 Building: SOC homelab with Elastic SIEM (upcoming)
[2025-xx-xx] 🟢 Practicing: TryHackMe SOC Level 1 path
[2025-xx-xx] 🟡 Studying: CompTIA Security+ domains
[2025-xx-xx] 🔴 Analyzing: New phishing campaign samples
```