Home - mluchettii/internship-portfolio GitHub Wiki

About

Welcome to my GitHub portfolio. This repository serves as a supplement to my main Wix portfolio, presenting the knowledge base articles from my internship in a more legible and organized manner. Below is an overview of my setup, the tools I have used, and why.

Table of Contents

Hardware

  • Laptop: Lenovo ThinkPad T14s Gen 4 (2024)

Reliable laptop with an Intel i5-1345U CPU (10 cores with 12 threads) and 32GB of RAM.

Operating Systems

  • Windows: 7, 10/11, Server 2025

Windows is the most popular OS on the market, with Windows 7 being the most vulnerable version that is still used across many legacy systems today. Since most programs, including malware, are developed for Windows systems, this makes it a clear choice for use in a homelab environment.

  • Linux: Debian 12, Ubuntu Server 24.04.2 LTS

Linux is a very lightweight OS, and I am more experienced with its command line than with Windows. I therefore opted to make Debian the main OS on my laptop, where it will run the resource-intensive virtual machines.

Virtualization

Requires some extra steps to get working on Debian, but has worked really well and has an intuitive interface for managing virtual machines.

Containerization

Lets me run applications like Nessus inside containers instead of installing them on the host system. I manage my containers through Portainer, which itself runs in a container and exposes a web interface that I access via the browser.

MFA

Created login tokens for Windows and Debian hosts via the Duo Admin Panel. At login, the user's phone receives an Allow/Deny ping for authentication.

SIEM

Cloud-based endpoint detection platform that supports all OSs on workstations, servers, and mobile devices. Provides analysts with a multitude of controls to prevent, detect, and respond to threats.

SIEM that I have running locally on a virtual machine. It is set up to collect logs from my VMs via rsyslog and WinCollect, to collect network activity from all of my devices via my router's gateway address, and to alert me on offenses according to the ruleset I created.
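As an added illustration of the rsyslog side of that log collection (this is example configuration, not the wiki author's own files): a forwarding rule that a Linux VM would use to ship its syslog to the SIEM. The collector address 192.0.2.10 and port 514/tcp are assumptions (a documentation-range placeholder address and the standard syslog port); the file name under /etc/rsyslog.d/ is likewise my choice.

```conf
# /etc/rsyslog.d/50-siem-forward.conf  (added example; not from the original page)
# Forward every local syslog message to the SIEM collector.
# 192.0.2.10 is a placeholder from the documentation address range;
# replace it with the SIEM VM's real IP. Port 514/tcp is an assumption.
#
# "@@" / protocol="tcp" is used instead of UDP so that bursts of events are
# not silently dropped, and a disk-assisted queue keeps messages on disk
# while the collector is unreachable (e.g. SIEM VM rebooting) instead of
# losing them. action.resumeRetryCount="-1" retries forever.
action(type="omfwd"
       target="192.0.2.10"
       port="514"
       protocol="tcp"
       queue.type="LinkedList"
       queue.filename="siem_fwd"
       queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")
```

After dropping the file in place, `sudo rsyslogd -N1` checks the configuration for syntax errors without starting the daemon, `sudo systemctl restart rsyslog` applies it, and `logger -p auth.notice "siem forward test"` produces a message that should appear in the SIEM within a few seconds; if it does not, the queue file under rsyslog's work directory (/var/spool/rsyslog on Debian) growing is the sign that the collector is not accepting the connection. Note that this forwards in plaintext; on a lab network segment that is acceptable, but the same action block can be switched to TLS via rsyslog's gtls driver if the logs ever cross an untrusted segment.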

Vulnerability Scanner

Running in a Docker container on my Ubuntu VM. The point here is to keep the network setup simple, so that the Nessus container is able to scan the hosts on the virtual NAT network (e.g., the Windows VMs) as well as the hosts outside of the NAT network on my LAN (e.g., my personal laptop).

OSINT Tools

  • VirusTotal

Online file scanner that uses antivirus engines from multiple security vendors to detect malware.

  • ANY.RUN

On-demand virtual sandbox environment for malware analysis and threat investigation.

  • WHOIS

Tool for checking the DNS records pertaining to a given web address. Useful for checking the legitimacy of a website.

  • Webroot BrightCloud

Tool for checking the reputation of a website. It differs from WHOIS in that it provides a reputation score based on the site's age, popularity, and infection history.