30 Days - MyDFIR

One-liner: 30-day hands-on SOC analyst training project building a home lab for detection engineering and threat hunting.

🎯 What Is It?

The MyDFIR 30-Day SOC Analyst Challenge is a structured learning path created by Steven (MyDFIR) that guides aspiring SOC analysts through building a functional home lab with real security tools. The project covers log ingestion, Detection Engineering, Alert Triage, and Incident Response.

📅 Project Structure

Core Components

• SIEM: Splunk or ELK Stack
• Endpoint Monitoring: Sysmon for Windows telemetry
• Network Analysis: Zeek for traffic monitoring
• Threat Simulation: Atomic Red Team for testing detections
• Case Management: TheHive Project for Incident Response

Learning Objectives

1. Build enterprise-grade home lab
2. Ingest and normalize logs
3. Create detection rules (Sigma)
4. Simulate attacks with MITRE ATT&CK techniques
5. Investigate alerts like a real SOC analyst
6. Document findings and improve detections

📚 Daily Progress

Week 1: Lab Setup

• Day-01 MyDFIR — Initial lab architecture and planning
• Days 2-7: Splunk installation, Sysmon deployment, log forwarding

Week 2: Detection Engineering

• Detection Engineering fundamentals
• Sigma rule creation
• Threat-based detection vs Indicator Detection

Week 3: Threat Hunting

• MITRE ATT&CK technique simulation
• Atomic Red Team execution
• Alert Triage workflow

Week 4: Incident Response

• Incident Response lifecycle
• TheHive Project case management
• Documentation and reporting

🎯 Skills Developed

• SIEM administration
• Detection Engineering
• Threat-based detection
• Alert Triage
• Incident Response
• Purple Teaming mindset

🔗 Related Concepts

• Security Operations Center (SOC) — Target role
• SOC analysts — Career path
• Blue Teaming — Defensive security
• Detection Engineering — Core skill
• MITRE ATT&CK — Framework used

📝 Lab Days

Completed

• Day-01 MyDFIR

Upcoming

• Day 02-30 (in progress)