Real-world cybersecurity projects focused on detection engineering, IR documentation, pentesting, playbooks, malware analysis, and more.
Hi! I'm Sebastian, a cybersecurity professional focused on:
- SOC Analysis (L1–L2)
- Incident Response & Threat Investigation
- MITRE ATT&CK-based TTP analysis
- Pentesting & Vulnerability Research
- Detection Engineering (Sysmon, Wazuh, Sigma, KQL)
- Offensive & Defensive Security
I build hands-on labs, write professional incident reports, develop IR playbooks, and create real detection logic — the same work done in modern blue/red team environments.
- Log analysis (Sysmon, Wazuh, Event Viewer)
- Incident classification & triage
- Threat hunting (recon → persistence → C2)
- Malware behavior analysis
- Windows & Linux forensics
- Network & web exploitation
- Privilege escalation
- Reverse shells & persistence
- C2 (Sliver, netcat)
- SIEM: Wazuh, ELK, Splunk (basic), Azure Sentinel
- Detection: Sysmon, Sigma, KQL, YARA
- Analysis: Wireshark, Volatility, Autopsy
- Scripting: Python, PowerShell, Bash
- Cloud: Azure fundamentals
- MITRE ATT&CK
- NIST IR framework
- CIS Controls
Here are my major GitHub repositories that showcase my security work:
📁 Incident Reports, APT Analysis, Lateral Movement, MITRE, SIEM logs
🔗 Repository: SOC Incident Response Portfolio
Highlights:
- 10+ DFIR-style reports
- Lateral movement investigation
- PowerShell-based recon & credential theft
- NTLMv1 / Anonymous Logon attacks
- APT Case Study (Lazarus Group)
- Full IR lifecycle documentation
- Playbooks (Phishing, Access Abuse, Persistence)
- Detection logic & alert analysis
📁 Red Teaming | Privilege Escalation | Web Exploitation | Pivoting
🔗 Repository: VulnHub Offensive Security Portfolio
Machines included:
- Zico2
- Mr. Robot
- SkyTower
- Metasploitable 1
- C2 Exfiltration Lab
- Persistence Attack Lab
Includes:
- Full technical exploitation writeups
- Markdown summaries
- DOCX pentest reports
- MITRE mapping
- Screenshots & diagrams
📁 Security Policies | Risk Assessments | Malware Training | Ransomware Defense
🔗 Repository: Cybersecurity GRC & Documentation
Includes:
- Corporate Security Policy
- Windows 11 STIG-based Risk Assessment
- Ransomware Defense Plan
- Hashing Integrity Demonstration
- Malware Identification Training (PPTX)
- Security+ (Planned)
- Linux pro
- Google Cybersecurity Cert (Planned)
- CompTIA CySA+ (Future)
| Category | Tools / Skills |
|---|---|
| SIEM & Logs | Wazuh, Sysmon, Sentinel, ELK |
| IR Skills | Triage, MITRE mapping, Forensics, Malware behavior |
| Detection | Sigma, KQL, YARA, log hunting |
| Offensive | Nmap, Hydra, Burp Suite, reverse shells |
| Scripting | Python, PowerShell, Bash |
| Cloud | Azure Identity, VMs, Storage |
| Documentation | Pentest reports, GRC policies, risk assessments |
💼 LinkedIn: https://www.linkedin.com/in/sebastiansalasa/
📨 Email: sebastian.salas.arancibia@outlook.com
I'm continually expanding my projects with new incident simulations, detection rules, and pentesting labs.