Pentest Lab: Recon (Nmap) + DAST (OWASP ZAP baseline/full) against OWASP Juice Shop with reproducible HTML/TXT/PNG evidence and optional SOC correlation.
-
Updated
Nov 9, 2025 - HTML
#
mitre-attck
Here are 20 public repositories matching this topic...
Personal SOC lab using T-Pot CE on AWS to analyze real-world attack telemetry through Honeypots, Suricata, and offline log analysis
security alert kibana logstash home analysis honeypot incident-response lab elk cybersecurity soc triage homelab tpot spiderfoot t-pot mitre-attack mitre-attck tpotce
-
Updated
Jan 21, 2026
Practical SOC detection engineering and incident response case studies, including SIEM/XDR detections, alert triage, and malware analysis.
-
Updated
Jan 28, 2026
Machine learning project for classifying cybersecurity incidents (TP, BP, FP) using the GUIDE dataset. Includes data preprocessing, feature engineering, model benchmarking, and evaluation with macro-F1, precision, and recall. Supports SOC automation, threat detection, and enterprise security management.
python data-science machine-learning random-forest incident-response cybersecurity neural-networks xgboost classification lightgbm feature-engineering soc imbalanced-data model-evaluation capstone-project threat-detection precision-recall enterprise-security macro-f1 mitre-attck
-
Updated
Feb 17, 2026 - Jupyter Notebook
Blue Team / Defensive Security Reference — Full ATT&CK-aligned lifecycle mapper, workflows, tools & TTPs
-
Updated
Mar 8, 2026 - HTML
Red Team / Adversary Emulation Reference — Full ATT&CK kill chain mapper & TTP flows
-
Updated
Mar 8, 2026 - HTML
Portable SIEM detection toolkit with Sigma rules, Sysmon config, and Wazuh custom rules mapped to MITRE ATT&CK.
python cybersecurity sysmon siem sigma soc wazuh blue-team threat-detection detection-engineering mitre-attck
-
Updated
Apr 6, 2026 - Python
SOC Alert Triage Lab – Simulated SOC alert classification and triage using Python.
-
Updated
Mar 13, 2026 - Python
Wireless Zero Trust threat detection and response lab using Python and Scapy, with MITRE ATT&CK mapping and SIEM-style logging.
-
Updated
Feb 8, 2026 - Python
Incident Response investigation of a multi-stage attack detected in Microsoft Defender for Endpoint telemetery
incident-response cybersecurity threat-hunting digital-forensics security-analysis microsoft-defender incident-investigation mitre-attck
-
Updated
Mar 8, 2026
Evidence-based SOC Tier 1/2 projects: log pipelines, alert triage, detection rules, threat hunting, incident tickets, and lab writeups (Wazuh, Sysmon, Zeek, Suricata, Velociraptor).
incident-response suricata sysmon threat-hunting siem soc zeek wazuh windows-security detection-engineering mitre-attck
-
Updated
Feb 19, 2026 - PowerShell
OT/ICS cybersecurity lab demonstrating detection of unauthorized Modbus RTU (FC06) write activity using Python telemetry and Splunk SIEM correlation. Includes MITRE ATT&CK (ICS) mapping and SOC-grade incident documentation.
raspberry-pi splunk modbus siem modbus-rtu ics-security blue-team industrial-control-systems detection-engineering ot-security mitre-attck
-
Updated
Feb 14, 2026
Enterprise Active Directory security lab focused on privileged access hardening, audit policy configuration, detection engineering, and incident response. Simulates unauthorized privilege escalation attacks with forensic log analysis and MITRE ATT&CK mapping.
incident-response active-directory cybersecurity siem blue-team detection-engineering windows-server-2022 mitre-attck
-
Updated
Dec 12, 2025
8000
Command-line (proctitle) classification into MITRE ATT&CK techniques using TF-IDF + Logistic Regression and an LSTM baseline, with a custom token pattern tailored for cyber artifacts (IPs, paths, flags, URLs).
nlp machine-learning deep-learning tensorflow scikit-learn cybersecurity threat-detection mitre-attck
-
Updated
Jan 13, 2026 - Python
Real-time SOC monitoring dashboard with brute-force detection, threat intelligence enrichment, MITRE ATT&CK mapping and incident response workflow.
flask log-analysis incident-response cybersecurity siem soc threat-intelligence security-dashboard blue-team mitre-attck
-
Updated
Mar 15, 2026 - Python
SOC triage tool to enrich Windows command-line logs with MITRE mapping and analyst context
-
Updated
Feb 2, 2026 - Python
EDR/XDR detection coverage, gaps, and governance considerations for enterprise environments
cybersecurity xdr edr threat-detection security-monitoring risk-based-monitoring detection-engineering security-governance mitre-attck coverage-gaps
-
Updated
Dec 16, 2025
Behavior-based Linux malware profiler: ptrace syscall tracing → JSONL events → heuristic analysis with IOC extraction & MITRE ATT&CK mapping. No signatures, no hashes
cybersecurity syscalls malware-analysis linux-security threat-detection behavioral-analysis mitre-attck
-
Updated
Dec 25, 2025 - Python
SOC-style ransomware investigation using KQL (Azure Data Explorer)
incident-response cybersecurity educational ransomware threat-hunting soc blue-team azure-data-explorer kql mitre-attck
-
Updated
Dec 19, 2025
SOC Analyst home lab with Wazuh SIEM, Sysmon logging, brute-force detection, MITRE ATT&CK mapping, and incident response workflow.
-
Updated
Mar 24, 2026 - Shell
Improve this page
Add a description, image, and links to the mitre-attck topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the mitre-attck topic, visit your repo's landing page and select "manage topics."