Welcome

Victor Coil | Security Operations & Detection Engineering Projects

About Me

A bit about me…

Whoami

Hello, and welcome to my site!
I’m Victor Coil, a cybersecurity professional focused on Security Operations and detection engineering.

Education: I completed the SANS Cyber Academy (July 2025–February 2026), earning the GCIH, GSEC, and GFACT certifications, and hold a B.S. in Cybersecurity (Cum Laude) from DePaul University and an A.S. in Computer Science from Waubonsee Community College.

Certifications: GCIH · GSEC · GFACT · CySA+ · SAL1 · CCNA · Security+ · GIAC Advisory Board Member

Competitions: National Cyber League, Top 3% (Team) · Hivestorm · Huntress CTF · PicoCTF

My Vision

My goal is to operate as a high-performing Blue Teamer, one who doesn’t just respond to alerts but understands attacker behavior deeply enough to anticipate it.

I’ve built that foundation hands-on: designing a cloud SOC pipeline integrating Wazuh, Shuffle, TheHive, and MISP; conducting manual malware analysis with IDA Pro, OllyDbg, and Cutter on FlareVM/REMnux; deploying honeypots to study real-world brute-force and RDP attack patterns; and building detection logic against OWASP Top 10 attack categories using Snort in an Active Directory environment.

This site documents that work, not as a showcase, but as a technical record. Every project page reflects a real problem I worked through, from initial setup to lessons learned. If you’re a recruiter, hiring manager, or fellow practitioner, I hope it gives you an accurate picture of how I think and operate.

Projects

These are the projects I’ve done

Click on the titles to access the lab documentation or GitHub repository.

Cloud-Based SOC Automation

  • Built a cloud-based SOC pipeline using Wazuh, Shuffle, TheHive, and MISP for automated alert handling
  • Created detection rules on a honeypot to trigger preliminary enrichment and case creation via Shuffle workflows
  • Automated triage and active response with analyst approval and threat intelligence correlation from MISP

Azure Honeypot

  • Extracted Windows Event Viewer metadata with PowerShell, forwarding it to a third-party API for geodata
  • Configured Azure Log Analytics Workspaces to ingest custom logs containing geodata
  • Visualized global RDP Brute Force attacks on a world map for insights into attack locations and magnitudes

Enhanced Logging and Intrusion Detection

  • Deployed Splunk Enterprise (SIEM) for centralized logging
  • Enhanced logging using Sysmon
  • Deployed Snort Intrusion Detection Systems (IDS)
  • Forwarded all logs, including Snort logs, using Universal Forwarders

Snort Rules and OWASP Top 10

  • Configured Snort IPS on a DVWA web server to showcase OWASP Top 10 vulnerabilities
  • Demonstrated various web security attacks to highlight practical expertise in threat detection and prevention
  • Developed tailored Snort rules for applicable vulnerabilities

Security Compliance and Monitoring Lab

  • Deployed Wazuh into an Active Directory environment
  • Supported compliance using the CIS Benchmark tool
  • Configured FIM to detect integrity violations on a user’s Desktop directory
  • Configured the Vulnerability Scanning module and scanned the Domain Controller and Windows 10 host

Vulnerability Management Lab

  • Installed and configured Nessus Essentials within an Active Directory environment
  • Conducted non-credentialed and credentialed scans for baselining
  • Remediated critical and high vulnerabilities

Active Directory Management

  • Managed an Active Directory environment on Windows Server 2019
  • Implemented and maintained AD DNS and DHCP services
  • Implemented a Remote Access Server to support NAT
  • Used PowerShell to automate the creation of 200+ user accounts

GitHub

These are the Python projects on my GitHub

  • Network Scanner
  • Phone and Email Web Scraper
  • SSH Bruteforce Script
  • Directory Enumerator
  • Subdomain Enumerator

Upcoming Projects

These are the projects I plan to put together next.

  • Expand the SOAR and threat intel project with additional tools: LimaCharlie, T-Pot, Tines, and Cortex
  • Deploying an AI Agent to assist with SIEM Alerts and IR documentation
  • Detection Engineering with Atomic Red Team

Writeups / Reports

Reports from TryHackMe and HackTheBox rooms.

The CVE number links to the official MITRE record, while the name of the machine/room links to my writeup.

These writeups help me practice my reporting, keep my technical skills sharp, develop the attacker mindset that is crucial for a defender, and stay educated on vulnerabilities and exploits used in the past.

Vulnerability: CVE-2015-3306 “mod_copy module”

Tags: Nmap Scan, SMB enumeration, FTP exploit, SSH, and SUID escalation

TryHackMe Room

Vulnerability: CVE-2007-2447 “‘Username map script’ Command Execution”

Tags: Nmap Scan, SMB exploit/escalation

HackTheBox Room