Automating new hire onboarding and employee offboarding across Active Directory and Microsoft 365 using PowerShell, Microsoft Graph, and a SharePoint request form, turning a manual checklist into a hands-off pipeline.
Documenting homelab builds, cybersecurity lab work, and infrastructure projects. Detection engineering, compliance frameworks, cloud setups, and the occasional deep-dive into whatever I'm learning this week.
Connecting Microsoft Sentinel to the slytech.us hybrid environment, building custom detection rules mapped to MITRE ATT&CK, deploying a deliberately exposed honeypot VM, and watching real global attack traffic roll in.
Provisioning Azure infrastructure as code with Terraform, enforcing governance with Azure Policy, and building a live security dashboard in Log Analytics Workbooks on top of the slytech.us hybrid environment.
Hybrid joining WIN11 to Entra ID, enrolling it in Intune, applying compliance and configuration policies, and onboarding to Defender for Endpoint on top of the existing slytech.us infrastructure.
Extending the slytech.us on-prem Active Directory into Microsoft Entra ID using Entra Connect to build a hybrid identity foundation for Intune, Conditional Access, and Defender for Endpoint.
Building a full PAM implementation with tiered admin accounts, JIT elevation, privileged account auditing, service account security, and live privilege escalation detection using event log evidence.
End-to-end IAM lab covering PowerShell provisioning and deprovisioning workflows, least-privilege OU structure, quarterly access review simulation, and GPO-based access control on Windows Server.
Building a Python tool that pulls Windows Security events from Splunk and uses the Anthropic API to generate structured SOC triage reports with MITRE ATT&CK mapping.
Integrating MITRE ATT&CK mapping with Splunk Security Essentials and building a complete SOC detection workflow.
Building brute force detection with SPL, configuring scheduled alerts, and creating security dashboards in Splunk.
Setting up Splunk Enterprise on Proxmox with Universal Forwarders on Windows endpoints for real log collection.
Mapping a five-VM homelab to all six NIST CSF 2.0 functions with live attack simulation, automated response, and snapshot-based recovery.
Mapping six ISO 27001 Annex A controls to real lab activity with evidence from Wazuh, OpenSCAP, and Active Directory.
Building a segmented SOC lab on Proxmox with Wazuh, pfSense, Kali, and Active Directory mapped to ISO 27001 and NIST CSF 2.0 controls.
How to set up custom domains in a homelab using Tailscale split DNS, Technitium DNS, and NPMplus with wildcard SSL certificates.
How to install Wazuh SIEM on Ubuntu Server in a homelab environment, including agent deployment and first security events.
Step-by-step guide to creating an Ubuntu Server VM on Proxmox, including static IP, SSH setup, and LVM disk expansion.