🔭 Currently building: SIEM Detection Lab & AD Attack/Defense Playbooks
🌱 Learning: Splunk, Wazuh, Detection Engineering, eJPT
💬 Ask me about SIEM tuning, threat hunting, AD attacks, web app pentesting here
Each project contains: lab steps, PoC artifacts (screenshots/logs), methodology, and a concise professional report.
- SIEM Lab — Wazuh + ELK
  - What I did: Collected Windows/Linux logs + network telemetry, wrote detection rules for brute-force, suspicious PowerShell, and persistence, and validated the detections with simulated attacks.
  - Artifacts: /reports/siem-lab-report.md · dashboards · detection-rules.yml
- Vulnerability Assessment & Exploit Lab
  - What I did: End-to-end pentest on isolated targets (DVWA, Metasploitable): recon → discovery → exploit → remediation report with CVEs and risk ratings.
  - Artifacts: /reports/vuln-assessment-report.pdf · nmap/gobuster outputs · screenshots
- Active Directory Attack & Defense Lab
  - What I did: Simulated Kerberoast, Pass-the-Hash, and lateral movement; implemented GPO hardening and logging improvements; created detection playbooks.
  - Artifacts: /projects/ad-lab/playbook.md · bloodhound-screenshots
- Network IDS & Tuning (Suricata)
  - What I did: Deployed Suricata, generated malicious traffic, and tuned rules to reduce false positives and capture targeted alerts.
  - Artifacts: /projects/ids-tuning/ · alerts-screenshots
- Threat Hunting & Automation
  - What I did: Python tools to parse logs, correlate IOCs, and produce alert summaries for triage.
  - Artifacts: /tools/log-correlation/ · sample-output.csv
- CTF Writeups & Bug Bounty
  - What I did: Public CTF writeups (HTB/TryHackMe) and responsibly disclosed bounty reports (redacted).
  - Artifacts: /ctf-writeups/ · /bug-bounty/
- Scope & Rules of Engagement (explicit and written)
- Recon & Enumeration — commands + outputs
- Findings & Risk Rating (CVSS where applicable)
- PoC / Exploit Steps (reproducible)
- Remediation & Mitigation
- Appendix: logs / screenshots / scripts
In progress / planned: CompTIA Security+ · Splunk Core User · Blue Team Level 1 · eJPT
Email (professional): josefkotichukkala@gmail.com
CTF / Bounty Alias: ZeroTrace (use this on HTB, TryHackMe, HackerOne)
Responsible Disclosure: I accept only engagements with explicit written permission. For bounty reports, follow the program policy and include PoC + remediation.
1) Clone the repo
2) Run: docker-compose up -d (Wazuh + ELK + Suricata)
3) Inject sample logs: scripts/generate-logs.sh
4) Validate detections: open the dashboards and run the detection testcases in /tests/detections/
Replace ZeroTrace with your final alias and add links to your artifact files. Keep each project folder tidy and include one-page executive summaries for recruiters.