Blue Team • SOC • Detection Engineering

Nour Maghalawy

SOC Analyst focused on threat detection, incident response, SIEM monitoring, and detection engineering. I build practical blue-team labs across Windows security, Active Directory, IDS/IPS, deception, and behavior-based analytics.

Splunk • Elastic / ELK • Wazuh • Snort • Active Directory • Windows Security Logs

Primary Focus: SOC / Blue Team
Hands-on detection labs, technical documentation, and investigation-driven security work.

Core Stack: SIEM + IDS
Splunk, ELK, Wazuh, Snort, Windows native logging, and Active Directory.

Project Style: Proof of Work
Each repository includes readable documentation, practical steps, and project structure.

Current Direction: Detection Engineering
Behavior-based detections, event analysis, deception concepts, and response-minded design.

Featured Projects

Selected blue-team projects and labs that reflect practical detection, monitoring, hardening, and security engineering work.

Blue Team Lab • Active Directory

Active Directory Security Hardening Lab

Implemented user-level hardening in a Windows Server domain environment using Group Policy, privilege restrictions, and centralized policy enforcement.

Windows Server • AD DS • GPO • Endpoint Hardening

Network Security Lab • Snort IDS / IPS

Snort IDS / IPS Lab

Deployed Snort first in passive IDS mode and then in inline IPS mode using the AFPacket DAQ, wrote custom rules, simulated attacks (hping3 traffic), and validated real-time blocking behavior.

Ubuntu • AFPacket • hping3 • Traffic Filtering

Detection Lab • Behavior-Based Detection

Info-Stealer Detection Lab

Built a small detection lab to identify early-stage fileless Info-Stealer behavior using Windows process creation telemetry (Event ID 4688) and SIEM-based behavioral logic such as parent/child process chaining.

Event ID 4688 • PowerShell • Elastic SIEM • Process Chaining

Security Research • Deception

Early Breach Detection using Deception

Designed a lightweight deception-based detection model that uses canary-style signals and containment concepts to expose attacker footholds earlier and with less alert noise.

MITRE ATT&CK • Canary Tokens • Lateral Movement • Containment

Security Research Lab • Adversarial ML / Wazuh SIEM

Adversarial ML Behavior Detection & SIEM Correlation Lab

Simulated adversarial machine learning behavior by generating abnormal ML inference signals, then transformed them into Windows security events and integrated them into Wazuh SIEM. Built custom detection rules and correlation logic to identify suspicious ML-driven behavior and escalate repeated activity into high-severity alerts.

Wazuh SIEM • Adversarial ML • Detection Engineering • Correlation Rules

Tools & Skills

Technologies and focus areas reflected across my labs, projects, and technical write-ups.

SIEM Monitoring • Threat Detection • Incident Response • Detection Engineering • Threat Hunting • Windows Event Logs • Active Directory • Snort IDS / IPS • Splunk • Elastic / ELK • Wazuh • n8n • Linux • PowerShell • Monitoring • Network Security • MITRE ATT&CK • Digital Forensics • Malware Analysis Basics