Home Labs
DNS Log Analysis Lab
In this lab, I explored how DNS logs can reveal potential Indicators of Compromise (IoCs). By enabling detailed DNS auditing, I simulated suspicious behavior and investigated anomalous domain queries, helping me understand how DNS traffic often reveals malware communication attempts.
Key Takeaways:
- Enabled detailed DNS query logging on the host system.
- Simulated real-world malware traffic using PowerShell scripts.
- Analyzed Event Viewer logs to identify unusual domain lookups.
- Tracked repeated beaconing behaviors from the system to specific domains.
- Mapped suspicious activity back to responsible processes.
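An added example, not part of the original lab write-up: a Python script that applies the beaconing check described above (repeated lookups of one domain at a regular cadence, mapped back to the querying process) to constructed DNS log records. The record layout, domain names and process IDs are assumptions made for the sample.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in the shape of DNS Client event data (assumed layout):
# <timestamp> <queried name> <pid of the querying process>
SAMPLE_LOG = """\
2024-05-01T10:00:00 update.microsoft.com 1204
2024-05-01T10:00:05 cdn-beacon.example.net 4412
2024-05-01T10:00:10 news.example.org 9001
2024-05-01T10:00:12 news.example.org 9001
2024-05-01T10:01:05 cdn-beacon.example.net 4412
2024-05-01T10:02:05 cdn-beacon.example.net 4412
2024-05-01T10:03:05 cdn-beacon.example.net 4412
2024-05-01T10:03:30 news.example.org 9001
2024-05-01T10:04:07 cdn-beacon.example.net 4412
2024-05-01T10:06:00 news.example.org 9001
"""

def parse_dns_log(text):
    """Parse the constructed log into (datetime, domain, pid) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, domain, pid = line.split()
        records.append((datetime.fromisoformat(ts), domain.lower(), int(pid)))
    return records

def find_beacons(records, min_queries=4, max_jitter=0.2):
    """Return {domain: {count, mean_interval_s, pids}} for domains queried at
    least min_queries times whose inter-query gaps vary by at most max_jitter
    (coefficient of variation): the regular cadence that beaconing produces."""
    by_domain = defaultdict(list)
    for ts, domain, pid in records:
        by_domain[domain].append((ts, pid))
    findings = {}
    for domain, hits in by_domain.items():
        if len(hits) < min_queries:
            continue  # too few lookups to judge regularity
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings[domain] = {"count": len(hits), "mean_interval_s": round(avg, 1),
                                "pids": sorted({pid for _, pid in hits})}
    return findings

if __name__ == "__main__":
    for domain, info in find_beacons(parse_dns_log(SAMPLE_LOG)).items():
        print(f"{domain}: {info['count']} queries ~every {info['mean_interval_s']}s, PIDs {info['pids']}")
```

The irregular bursty lookups of news.example.org are deliberately not flagged even though they exceed the count threshold, which is the point of the jitter check.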
Time Synchronization Across Systems
I completed a hands-on lab focused on managing and synchronizing time across multiple systems—an essential aspect of maintaining log integrity and supporting accurate forensic analysis.
Key Takeaways:
- Worked within a lab environment using Kali Linux and Windows Server 2019 (including domain controller and client machines).
- Compared and synchronized system and hardware clocks to ensure alignment.
- Used timedatectl to configure accurate time zones for Linux systems.
- Set up an internal NTP server to standardize time across all devices in the network.
Asset Discovery with Nmap
I completed a hands-on lab focused on identifying assets and services within multiple network segments using Nmap, a powerful network scanning tool.
Key Takeaways:
- Performed ping sweeps to detect active hosts across internal and screened subnets.
- Conducted SYN scans to identify open ports and map available services.
- Used version detection to determine specific services and versions running on discovered ports.
- Executed OS detection to fingerprint the operating systems of networked devices.
Strengthening System Security and Mastering DNS Configuration
I completed hands-on system security tasks to enhance network defenses and strengthen local DNS configurations in a lab environment.
Key Takeaways:
- Configured Windows Server firewall rules to block ICMP (ping) traffic, validating effective enforcement of security policies.
- Edited /etc/hosts to enable local DNS resolution for juiceshop.local and verified domain accessibility using wget.
- Reinforced practical skills in system hardening, DNS management, and connectivity troubleshooting.