## https://sploitus.com/exploit?id=FDD9C675-CEEE-5671-8FAB-BE9D71011B1B
# Full-Spectrum Cyber Operation Lab: Red Team Execution & Blue Team Detection
## Overview
This project simulates a full end-to-end cyber operation in a controlled cyber range environment, demonstrating both offensive (red team) and defensive (blue team) capabilities.
The lab follows a structured attack lifecycle from reconnaissance through objective execution, then transitions into detection, analysis, and incident response using a SIEM platform.
This project highlights how real-world attackers operate across multiple phases of an intrusion and how defenders detect, investigate, and respond to those activities using network and host-based evidence.
## Objectives
- Simulate a structured cyber attack across Linux and Windows systems
- Identify and exploit vulnerable services using reconnaissance-driven methods
- Establish persistence and perform post-exploitation enumeration
- Detect and analyze attacker behavior using Security Onion SIEM
- Map observed activity to MITRE ATT&CK techniques
- Document findings from both attacker and defender perspectives
## Lab Environment
- **Attacker:** Kali Linux
- **Targets:** Linux (Metasploitable-style) and Windows Server
- **SIEM:** Security Onion (Zeek + Suricata)
- **Tools:** Nmap, Metasploit, Kibana/Discover, MITRE ATT&CK Navigator
## Cyber Operation Phases
### 1. Reconnaissance
- Network scanning and service enumeration using Nmap
- CPE โ CVE mapping and CVSS-based risk prioritization
### 2. Initial Access
- Exploitation of vulnerable services on Linux and Windows systems
- Verified command execution and SYSTEM-level access via Meterpreter
### 3. Defense Evasion
- Command history clearing and Windows event log manipulation
- Demonstration of attacker anti-forensic behavior
### 4. Persistence
- Linux cron-based persistence
- Windows scheduled task persistence
### 5. Execution
- Post-exploitation enumeration
- Artifact discovery and extraction (flag retrieval)
### 6. Detection & Analysis
- Identification of scanning, exploitation, and persistence activity in Security Onion
- Analysis of Zeek logs and Suricata alerts
- Correlation of attacker activity using SIEM data
### 7. Operational Assessment
- Evaluation of attack effectiveness
- Mapping activity to structured cyber operation phases
- Analysis of detection gaps and defensive visibility
## Key Skills Demonstrated
### Offensive Security
- Network reconnaissance (Nmap)
- Vulnerability identification and CVE analysis
- Exploitation using Metasploit
- Post-exploitation enumeration
- Persistence techniques (cron, scheduled tasks)
### Defensive Security
- SIEM analysis using Security Onion
- Log analysis (Zeek, Suricata)
- Indicator of Compromise (IOC) identification
- Incident detection and response workflow
- MITRE ATT&CK mapping
## Key Takeaways
- Real-world attacks follow structured, multi-phase workflows
- Persistence and evasion techniques can reduce host-level visibility
- SIEM tools provide critical detection capability even when artifacts are removed
- Effective defense requires correlation of network and host-based data
## Repository Structure
- `/offensive` โ Red team methodology and execution
- `/defensive` โ Detection and incident analysis
- `/assessment` โ Operational evaluation
- `/screenshots` โ Evidence supporting each phase
- `/references` โ Supporting research and context
## Important Note
All activities were conducted in a controlled academic cyber range environment. This project is intended for educational, defensive, and professional development purposes only.