Welcome

Victor Coil Portfolio/Project Archive

About Me

A bit about me…

Whoami

Hello, and welcome to my site!
I am Victor Coil, a cybersecurity enthusiast. I am actively seeking an entry-level position in the Cybersecurity field, more specifically in Security Operations.

Education
> Currently: SANS Cyber Academy Scholar
> Bachelor of Science in Cybersecurity
> Associate of Science in Computer Science

Certifications
> CompTIA Cybersecurity Analyst (CySA+)
> CompTIA Security+
> Cisco Certified Network Associate (CCNA)
> TryHackMe Security Analyst Level 1 (SAL1)

Competitions
> Hivestorm
> National Cyber League (Top 3% in team competition)

My Vision

To become an exceptional Blue Teamer in the Cybersecurity field, continuously enhancing my technical skills and knowledge to effectively defend organizations.

I am particularly focused on security operations and have been actively practicing cloud security, malware analysis, and threat attribution.

Beyond personal growth, I aim to use this website as a platform to share projects, valuable lessons, and career insights. By documenting my journey, I hope to raise awareness and contribute to the cybersecurity community through walkthroughs, investigations, and technical deep dives.

Projects

These are the projects I’ve done

Click on the titles to access the lab Documentation or GitHub.

Cloud-Based SOC Automation

  • Built a cloud-based SOC pipeline using Wazuh, Shuffle, TheHive, and MISP for automated alert handling
  • Created detection rules on a honeypot to trigger preliminary enrichment and case creation via Shuffle workflows
  • Automated triage and active response with analyst approval and threat intelligence correlation from MISP

Azure Honeypot

  • Extracted Windows Event Viewer metadata with PowerShell, forwarding it to a third-party API for geodata
  • Configured Azure Log Analytics Workspaces to ingest custom logs containing geodata
  • Visualized global RDP brute-force attacks on a world map for insights into attack locations and magnitudes

Enhanced Logging and Intrusion Detection

  • Deployed Splunk Enterprise (SIEM) for centralized logging
  • Enhanced logging using Sysmon
  • Deployed Snort Intrusion Detection Systems (IDS)
  • Forwarded all logs, including Snort logs, using Universal Forwarders

Snort Rules and OWASP Top 10

  • Configured Snort IPS on a DVWA web server to showcase OWASP Top 10 vulnerabilities
  • Demonstrated various web security attacks to highlight practical expertise in threat detection and prevention
  • Developed tailored Snort rules for applicable vulnerabilities

Security Compliance and Monitoring Lab

  • Deployed Wazuh into an Active Directory environment
  • Supported compliance using the CIS Benchmark tool
  • Configured FIM to detect integrity violations on a user’s Desktop directory
  • Configured the Vulnerability Scanning module and scanned the Domain Controller and Windows 10 host

Vulnerability Management Lab

  • Installed and configured Nessus Essentials within an Active Directory environment
  • Conducted non-credentialed and credentialed scans for baselining
  • Remediated critical and high vulnerabilities

Active Directory Management

  • Managed an Active Directory environment on Windows Server 2019
  • Implemented and maintained AD DNS and DHCP services
  • Implemented a Remote Access Server to support NAT
  • Used PowerShell to automate the creation of 200+ user accounts

GitHub

These are the Python projects on my GitHub

  • Network Scanner
  • Phone and Email Web Scraper
  • SSH Bruteforce Script
  • Directory Enumerator
  • Subdomain Enumerator

Upcoming Projects

These are the projects that I plan on putting together next.

  • Expand on the SOAR and Threat Intel project with tools such as LimaCharlie, T-Pot, Tines, and Cortex

Writeups / Reports

Reports from TryHackMe and HackTheBox rooms

The CVE Number has a link to the actual report created by MITRE while the Name of the Machine/Room is a link to my writeup.

These writeups help me work on my reporting, keep my technical skills sharp, develop the mindset of an attacker, which is crucial for a defender, and stay educated on vulnerabilities and exploits used in the past.

Vulnerability: CVE-2015-3306 “mod_copy module”

Tags: Nmap Scan, SMB enumeration, FTP exploit, SSH, and SUID escalation

TryHackMe Room

Vulnerability: CVE-2007-2447 “Username map script Command Execution”

Tags: Nmap Scan, SMB exploit/escalation

HackTheBox Room

Steel Mountain

This Report is still being worked on.

Vulnerability:

Tags:

TryHackMe Room