## https://sploitus.com/exploit?id=7EBA7872-484E-57A1-B031-D08AAED5760D
# Cyber Security Practice Lab โ Beginner (SOC + VAPT)
This beginner-friendly lab combines **SOC (Security Operations Center)** basics with **Vulnerability Assessment & Penetration Testing (VAPT)** practice.
Designed for interns and students to demonstrate hands-on skills for resumes and interviews.
## What's included (Beginner)
- Docker-based vulnerable apps: OWASP Juice Shop & DVWA
- Beginner-friendly automation scripts: recon, nmap, nuclei (optional)
- 3 beginner PoC reports: Reflected XSS, IDOR, SQL Injection (DVWA)
- Simple SOC incident example and incident_summary template
- MITRE ATT&CK mapping (basic)
- Evidence placeholders (screenshots)
- Step-by-step usage instructions
## Quick start (local machine)
1. Install prerequisites:
- Docker & docker-compose
- (Optional) subfinder, httpx, nmap, nuclei
- Burp Suite (Community)
2. Start vulnerable apps:
```bash
docker-compose up -d
```
3. Make scripts executable and run recon:
```bash
chmod +x automation/run_recon.sh automation/run_nuclei.sh
./automation/run_recon.sh targets.txt
```
4. Open Burp Suite and practice manual testing on:
- Juice Shop: http://localhost:3000
- DVWA: http://localhost
## How to use for resume
- Run the lab and produce PoC reports from `/poc_reports`
- Add a GitHub link to the repo in your resume under Projects
- Keep screenshots in `/evidence` and link them in the PoC reports
## Structure
See the repository tree:
```
/automation - recon & scan scripts (beginner-friendly)
/configs - config samples
/poc_reports - detailed beginner PoC reports
/evidence - screenshots (placeholders)
/soc - SOC alert example & incident template
/docker-compose.yml
/targets.txt
/README.md
```
## Notes
Only use these tools against lab targets you control. Never scan or attack external systems without permission.