MITRE ATT&CK Detection Engineering
In this project, I focused on understanding how a real attacker's behavior shows up in the Windows logs and how those signals can be turned into useful detection rules. I simulated common attack techniques like brute-force login attempts, PowerShell, and persistence. After that, I mapped what I saw to the MITRE ATT&CK framework. By working directly with Event Viewer's Windows Security and Task Scheduler logs, I learned how much goes on behind the scenes in real systems and how important it is to filter that noise to find meaningful activity. The end result was a set of detection ideas based on actual log behavior, and a written report on all my findings.
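One way the detection ideas described above can be expressed in code, as an added example that is not part of the project itself: three rules run over constructed sample events, each tagged with the ATT&CK technique it maps to. The sample events, the 60-second window and the threshold of five failed logons are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field names follow the event data
# Event Viewer shows: 4625 failed logon and 4698 scheduled task created (Security
# log), 4104 script block (PowerShell Operational log).
EVENTS = [{"EventID": 4625, "Time": f"2024-05-01T10:00:{s:02d}", "IpAddress": "10.0.0.5",
           "TargetUserName": "admin"} for s in (0, 3, 7, 9, 12)]
EVENTS += [
    {"EventID": 4625, "Time": "2024-05-01T11:30:00", "IpAddress": "10.0.0.9",
     "TargetUserName": "bob"},  # a single mistyped password stays under the threshold
    {"EventID": 4104, "Time": "2024-05-01T10:04:30", "ScriptBlockText": "Get-Process"},
    {"EventID": 4698, "Time": "2024-05-01T10:05:00", "SubjectUserName": "admin",
     "TaskName": "\\Updater"},
]

# Thresholds are assumptions for this example; tune them against your own baseline.
FAILED_LOGON_THRESHOLD = 5
WINDOW = timedelta(seconds=60)

def detect_brute_force(events, threshold=FAILED_LOGON_THRESHOLD, window=WINDOW):
    """T1110 Brute Force: `threshold` or more 4625 events from one IP inside a sliding window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["EventID"] == 4625:
            by_ip[e["IpAddress"]].append(datetime.fromisoformat(e["Time"]))
    alerts = []
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"technique": "T1110", "source": ip, "count": end - start + 1})
                break  # one alert per source IP is enough
    return alerts

def detect_scheduled_task(events):
    """T1053.005 Scheduled Task: every 4698 is a persistence candidate worth review."""
    return [{"technique": "T1053.005", "task": e["TaskName"], "user": e["SubjectUserName"]}
            for e in events if e["EventID"] == 4698]

def detect_powershell(events):
    """T1059.001 PowerShell: 4104 script block logging records what actually ran."""
    return [{"technique": "T1059.001", "script": e["ScriptBlockText"]}
            for e in events if e["EventID"] == 4104]

def run_all(events):
    return detect_brute_force(events) + detect_scheduled_task(events) + detect_powershell(events)
```

Calling `run_all(EVENTS)` returns three alerts, one per technique; against a real system the rules would read events exported from Event Viewer rather than the inline sample.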