raghv.dev

CYBERSECURITY

Threat Operations

Blue team fundamentals, SIEM operations, and hands-on offensive tooling. Built through real home lab exercises, not just theory.

3 Certs Earned
50+ THM Labs
12+ Wazuh Rules
14 MITRE Tactics

MITRE ATT&CK

Detection Coverage Heatmap (scale: Low / Med / High)

TA0043  Reconnaissance      70%
TA0042  Resource Dev        40%
TA0001  Initial Access      60%
TA0002  Execution           65%
TA0003  Persistence         50%
TA0004  Priv Escalation     45%
TA0005  Defense Evasion     55%
TA0006  Credential Access   70%
TA0007  Discovery           80%
TA0008  Lateral Movement    50%
TA0009  Collection          40%
TA0011  C&C                 60%
TA0010  Exfiltration        45%
TA0040  Impact              50%

SKILL DOMAINS

Current Proficiency

Threat Detection (55%): SIEM rule writing, alert triage, IOC identification
Network Security (65%): Packet analysis, firewall rules, port scanning
Active Directory (60%): Domain management, GPO, authentication protocols
Incident Response (50%): IR lifecycle, documentation, escalation procedures
Linux Administration (70%): Server hardening, service management, log analysis
Python / Scripting (72%): Security automation, log parsing, tool development
GRC / Compliance (45%): Risk frameworks, policy writing, audit documentation
Web App Security (62%): OWASP Top 10, secure SDLC, authentication patterns

TOOLSTACK


SIEM & Detection

Wazuh

Open-source SIEM/XDR. Running agents on DC-01, WEB01, KALI01. Custom detection rules for SSH brute force, port scans, file integrity.

Elastic SIEM

ELK stack experience — log ingestion, KQL queries, detection rules, and dashboard building for security events.

Splunk

SPL query fundamentals via TryHackMe SOC L1 training. Alert creation, saved searches, and incident investigation workflows.

Network Analysis

Wireshark

Packet capture analysis — identifying C2 traffic patterns, credential harvesting in plaintext, DNS tunneling indicators.

Nmap

Network discovery and port scanning. Running scans against lab network from KALI01 to verify Wazuh detection rules trigger correctly.

tcpdump

CLI packet capture on Linux endpoints. Used for real-time traffic analysis during active lab exercises.

Offensive / Red Team

Hydra

Password brute force tool — used offensively in lab to test SSH and RDP rate limiting, and defensively to tune Wazuh rules.

Gobuster

Web directory enumeration — used to understand what attackers see, and to test web server security configurations on WEB01.

Metasploit

Exploitation framework — TryHackMe labs and controlled home lab usage. Generates real attack telemetry for SIEM testing.

Operating Systems

Kali Linux

Primary attack platform (KALI01). Running full Kali 2024 on dedicated hardware for ethical hacking lab exercises.

Windows Server 2022

Domain Controller (DC-01) running Active Directory. GPO management, user/group administration, event log forwarding to Wazuh.

Ubuntu Server 22

WEB01 and WAZUH01 run on Ubuntu. UFW firewall rules, SSH hardening, Nginx reverse proxy, systemd service management.

Scripting & Dev

Python 3

Log parsing scripts, API integrations, threat intel automation. Building custom scripts to extend Wazuh detection capabilities.

Bash / PowerShell

System administration automation, log parsing, and scheduled tasks across both Linux and Windows endpoints in the lab.

SQL / Queries

Database query experience from dev background. Parameterized queries, RBAC schema design, and security log querying (KQL/SPL).

CREDENTIAL STATUS

ISC2 CC · Google Cyber · Security+ in progress · THM SOC L1 (65%)

Full cert stack

[INFO] Wazuh agent heartbeat · DC-01 · homecorp.local · OK
[WARN] Failed SSH auth attempt · 192.168.56.102 · Rule 5710 · Level 5
[INFO] Nmap scan completed · WEB01 · 23 open ports detected · Logged
[ALERT] Hydra brute-force detected · admin@192.168.56.101 · BLOCKED
[INFO] SPL query executed · index=security · 4,892 events returned
[INFO] ISC2 CC · PASSED · 2024 · Credential active
[INFO] CompTIA Security+ SY0-701 · PASSED · 2025 · Credential active
[WARN] Gobuster scan detected · /api/admin · 403 returned · Alert fired
[INFO] Wireshark PCAP capture · eth0 · 12,441 packets · Saved
[INFO] System status · LEARNING · BUILDING · AVAILABLE FOR SOC ROLES
[INFO] GPO applied · homecorp.local · Password policy · min 12 chars
[ALERT] Nikto scan from KALI01 · WEB01 · Wazuh alert · Severity: High