Security experiments, tutorial recreations & original builds – documenting my hands-on progress
Project 6.4: Agent-Based Vulnerability Monitoring on Linux with Tenable Nessus Agent
This project demonstrates the deployment and configuration of a Tenable Nessus Agent on an Ubuntu Linux VM in Azure. It covers agent group creation, valid trigger configuration, installation via command line, and troubleshooting of trigger file mismatches.
Tags: Blue Team, Vulnerability Management, Tenable, Nessus Agent

Project 6.3: Agent-Based Monitoring on Windows 11 Using Tenable Nessus Agents
This project focuses on implementing agent-based vulnerability assessment on a Windows 11 host using the Tenable Nessus Agent. The assessment involves deploying a VM, linking it to Tenable, configuring a triggered scan, and validating vulnerability reporting.
Tags: Blue Team, Vulnerability Management, Tenable, Nessus Agent

Project 6.2: LOG(N) Pacific Internship – Windows 11 Compliance Scanning Using a Custom Tenable Scan Template
In this project, I built a custom Tenable scan template tailored specifically for Windows 11 DISA STIG compliance auditing. This report captures the full execution, from VM preparation to customized scan engineering, as well as an in-depth analysis of the results.
Tags: Blue Team, Vulnerability Management, Tenable, Windows 11

Project 6.1: LOG(N) Pacific Internship – Vulnerability Management: Linux Authenticated vs Unauthenticated Scanning with Tenable
In this project, I followed the same workflow used previously for Windows, but this time focusing on an Ubuntu 22.04 Linux virtual machine. The objective was to understand how Tenable evaluates Linux systems differently when scanning with and without authentication.
Tags: Blue Team, Vulnerability Management, Tenable, Azure

Project 6.0: LOG(N) Pacific Internship – Vulnerability Management: Windows Authenticated vs Unauthenticated Scanning with Tenable
In this project, I walked through the practical difference between authenticated and unauthenticated scans by deploying a Windows virtual machine in Azure and scanning it using Tenable’s cloud-based scanner.
Tags: Blue Team, Vulnerability Management, Tenable, Azure

Project 5.9: LOG(N) Pacific Internship Final Project – Detecting Tor Browser Usage on a Corporate Endpoint (Threat Hunting Scenario)
Simulating malicious employee behaviour in a controlled cyber-range environment by downloading and using Tor Browser on a corporate workstation, generating telemetry for threat hunting analysis in Microsoft Defender for Endpoint.
Tags: Blue Team, Cloud, Incident Response

Detecting and investigating anomalous Azure resource lifecycle operations using Microsoft Sentinel, identifying excessive resource creation and deletion patterns that may indicate unauthorized automation or compromised service principals.

Project 5.7: LOG(N) Pacific Internship – Incident Response Scenario: Impossible Travel Detection with Microsoft Sentinel
Analysing identity-based threat scenarios through impossible travel detection in Microsoft Sentinel, evaluating Azure AD authentication patterns, and executing full incident response following NIST 800-61 guidelines.
Tags: Blue Team, Cloud, Incident Response

Project 5.6: LOG(N) Pacific Internship – Incident Response Scenario 2: PowerShell Suspicious Web Request with Microsoft Sentinel
Detecting PowerShell-based web payload staging, building Sentinel analytics for Invoke-WebRequest abuse, and walking through end-to-end incident response with Microsoft Defender for Endpoint and Sentinel.
Tags: Blue Team, Cloud, Incident Response

Project 5.5: LOG(N) Pacific Internship – Incident Response Scenario 1: Brute Force Attack Detection with Microsoft Sentinel
Investigating a simulated brute-force attack scenario using Microsoft Sentinel and Defender for Endpoint, following the NIST 800-61 incident response lifecycle.
Tags: Blue Team, Cloud, Incident Response

A comprehensive threat hunting exercise investigating a PwnCrypt ransomware outbreak, using Microsoft Defender for Endpoint to analyze file encryption activities, process execution chains, and ransomware indicators of compromise.

A comprehensive threat hunting exercise investigating suspected data exfiltration by a disgruntled employee, using Microsoft Defender for Endpoint to identify unauthorized archiving and data transfer activities within the network.