This three-part series serves as my comprehensive 'Full-Stack' security masterclass, taking you from the initial construction of a vulnerable environment to the high-stakes world of real-time threat detection and remediation. By bridging the gap between Offensive Exploitation (Red Team) and Defensive Monitoring (Blue Team), I explored not just how systems are broken, but how they are watched and eventually 'healed'.
Layered Security is Mandatory: No single tool, not even Wazuh, is a silver bullet; defence-in-depth requires both host and network visibility.
Visibility Gaps are Stealth's Best Friend: If your logs aren't reaching your SIEM (like the initial Shellshock logs), the attack effectively didn't happen in the eyes of the security team.
The Power of Customisation: Whether it is an attacker writing a custom script or a defender writing custom decoders and rules, the most effective security work happens outside the 'default' settings.
Project Page: https://www.blackbeardcyber.com/projects/shellshock-to-siem-1
I started by engineering a "worst-case scenario" Docker container. By intentionally choosing legacy software (Bash 4.0 for Shellshock) and introducing common administrative blunders (weak SSH credentials and misconfigured sudoers), I created a realistic laboratory for testing modern security tools. This phase was about understanding the "Why" behind common vulnerabilities.
Project Page: https://www.blackbeardcyber.com/projects/shellshock-to-siem-2
Part two shifted perspective to the attacker and executed a multi-stage breach. I moved from Scanning & Enumeration to Initial Access via a custom-coded Python SSH brute-forcer and a Shellshock RCE. Finally, I demonstrated Privilege Escalation by dumping hashes with sudo cat (cracked via John the Ripper) and weaponising a misconfigured script to seize Root control.
Project Page: https://www.blackbeardcyber.com/projects/shellshock-to-siem-3
The final instalment brought it all together using the Wazuh SIEM and the SOC Lifecycle. I showed that visibility is the Blue Team's greatest weapon. By solving the "Docker Log Gap" with journald and mounting the Apache log directory to the host, I transformed a silent breach into a high-fidelity alert stream.
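As an added detection example (not code from the original project), here is a small Python scanner that parses Apache combined-format access log lines and flags the Shellshock function-definition signature in the request headers. The log lines and addresses are constructed, and the matcher is a simplified stand-in for the custom Wazuh decoder and rules the series describes.

```python
import re

# Constructed sample lines in Apache "combined" log format (not from the original project).
# The User-Agent and Referer fields are the usual carriers of a Shellshock payload, because
# Apache CGI exports request headers as environment variables that a vulnerable Bash parses.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:12:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"
198.51.100.7 - - [10/Jan/2025:12:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2025:12:00:03 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { ignored; }; /bin/id" "curl/7.68.0"
"""

# Apache combined format: host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Shellshock rides on Bash's exported-function syntax: a function body "() { ... }"
# followed by a trailing command after the closing brace. Whitespace is flexible.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{[^}]*\}\s*;')


def parse_combined(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def find_shellshock(log_text):
    """Scan every line; return (host, field, value) for each header carrying the signature."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_combined(line)
        if fields is None:
            continue  # an unparseable line is itself a visibility gap worth counting elsewhere
        for name in ("referer", "agent", "request"):
            if SHELLSHOCK_RE.search(fields[name]):
                hits.append((fields["host"], name, fields[name]))
    return hits


if __name__ == "__main__":
    for host, field, value in find_shellshock(SAMPLE_LOG):
        print(f"{host} {field}: {value}")
```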