POC #1: Phishing Simulation
- TrilloSec
- Jul 17
- 1 min read
Updated: Jul 18

This phishing simulation shows how I map real-world malware behavior to detection gaps and business risk, bridging technical depth and customer clarity. I engineered a phishing campaign inspired by the real-world StrelaStealer malware to assess detection gaps and communicate risk impact across Red, Blue, and Purple team functions.
✔ Red Team (Attack Simulation): Built and launched a phishing campaign using Gophish and a custom payload to emulate initial access and execution (MITRE ATT&CK T1566.001 Phishing: Spearphishing Attachment, T1204 User Execution).
✔ Blue Team (Detection Engineering): Tuned Sysmon and Splunk rules so that payload execution, previously undetected, now raises an alert within a 5-minute window, cutting phishing dwell time accordingly.
✔ Purple Team (Business Alignment): Quantified an $80K-per-incident risk reduction through faster detection and mapped findings to NIST & ISO 27001 controls.
✔ Technical Setup: Configured Postfix, Sysmon, SIEM alerts, and automated detection workflows to improve security posture.
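As an added example (not the lab's own Sysmon configuration or Splunk rules, which are in the Blue Team report), the detection predicate behind the Gophish → PowerShell chain above, run over constructed Sysmon Event ID 1 records in Python: a mail client or Office app spawning a script host, scored up by command-line tradecraft such as encoded commands and hidden windows. The process sets, command-line markers, the 60-point threshold, host WS01, user names and timestamps are all assumptions for illustration.

```python
"""
Detection logic for the phishing execution chain in this lab:
mail client -> Office attachment (T1566.001) -> user execution (T1204) -> PowerShell.
Sysmon Event ID 1 (ProcessCreate) records are constructed inline below; the
field names follow Sysmon's schema, the values and hosts are made up.
"""
import re
from datetime import datetime

# Process roles in the chain. The sets are lab assumptions, not an exhaustive list.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

# Command-line tradecraft that raises confidence (encoded commands, download
# cradles, hidden windows). Each match adds to the score; the list is illustrative.
ARG_MARKERS = {
    "encoded_command": re.compile(r"(^|\s)-e(nc|ncodedcommand|c)?(\s|$)", re.I),
    "download_cradle": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|BitsTransfer", re.I),
    "invoke_expression": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop(rofile)?\b", re.I),
}
ALERT_THRESHOLD = 60  # a mail/Office parent spawning a script host crosses it alone


def _base(path: str) -> str:
    """Lower-cased file name of an image path (Sysmon logs full paths)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _utc(s: str) -> datetime:
    """Parse Sysmon's UtcTime format, e.g. '2024-07-17 10:00:42.000'."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def score_event(ev: dict) -> tuple[int, list[str]]:
    """Score one ProcessCreate record; returns (score, reasons)."""
    parent, image = _base(ev["ParentImage"]), _base(ev["Image"])
    cmd = ev.get("CommandLine", "")
    score, reasons = 0, []
    if image in SCRIPT_HOSTS and parent in MAIL_CLIENTS | OFFICE_APPS:
        score += 60
        reasons.append(f"{parent} spawned {image}")
    elif image in OFFICE_APPS and parent in MAIL_CLIENTS:
        reasons.append("attachment opened from mail client")  # context only, no score
    if image in SCRIPT_HOSTS:
        for name, rx in ARG_MARKERS.items():
            if rx.search(cmd):
                score += 15
                reasons.append(name)
    return score, reasons


def detect(events: list[dict]) -> list[dict]:
    """Return alert records, in time order, for events at or above ALERT_THRESHOLD."""
    alerts = []
    for ev in sorted(events, key=lambda e: _utc(e["UtcTime"])):
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            alerts.append({"time": ev["UtcTime"], "host": ev["Computer"],
                           "user": ev["User"], "score": score, "reasons": reasons})
    return alerts


def time_to_alert(events: list[dict]):
    """Seconds from the first attachment open (mail client -> Office app) to the first alert, or None."""
    opened = [_utc(e["UtcTime"]) for e in events
              if _base(e["Image"]) in OFFICE_APPS and _base(e["ParentImage"]) in MAIL_CLIENTS]
    alerts = detect(events)
    if not opened or not alerts:
        return None
    return (_utc(alerts[0]["time"]) - min(opened)).total_seconds()


# Constructed sample telemetry: a benign browser launch, the phishing chain
# (Outlook -> Word -> encoded PowerShell), and a legitimate admin PowerShell.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
OFFICE = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
SAMPLE_EVENTS = [
    {"UtcTime": "2024-07-17 09:58:10.000", "Computer": "WS01", "User": "LAB\\jdoe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "CommandLine": "chrome.exe --profile-directory=Default"},
    {"UtcTime": "2024-07-17 10:00:00.000", "Computer": "WS01", "User": "LAB\\jdoe",
     "ParentImage": OFFICE + "OUTLOOK.EXE", "Image": OFFICE + "WINWORD.EXE",
     "CommandLine": 'WINWORD.EXE /n "C:\\Users\\jdoe\\AppData\\Local\\Temp\\Invoice_2291.docm"'},
    {"UtcTime": "2024-07-17 10:00:42.000", "Computer": "WS01", "User": "LAB\\jdoe",
     "ParentImage": OFFICE + "WINWORD.EXE", "Image": PS,
     # SQBFAFgA is base64 of UTF-16LE "IEX" (constructed stand-in, not a real payload)
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"UtcTime": "2024-07-17 10:05:30.000", "Computer": "WS01", "User": "LAB\\admin",
     "ParentImage": "C:\\Windows\\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe -NoProfile Get-Service -Name Spooler"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["time"], a["host"], a["user"], a["score"], ", ".join(a["reasons"]))
    print("seconds from attachment open to first alert:", time_to_alert(SAMPLE_EVENTS))
```

On the sample data only the Word-spawned encoded PowerShell alerts; the admin's `-NoProfile` session scores 15 and stays quiet, which is the false-positive boundary a tuned rule has to hold. The same predicate maps directly to a Splunk search over Sysmon EventCode=1 that filters ParentImage and Image and then matches CommandLine against the markers, and the attachment-open-to-alert delta is one way to measure the alert window reported above.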
Sales Engineering Impact
This lab showcases how I uncover customer pain points, design technical solutions, and translate detection engineering into clear business value, making it a fit for pre-sales demos and buyer conversations about phishing resilience, SIEM tuning, and MITRE ATT&CK alignment.
Read the Reports
🔴 Red Team Report (Gophish → PowerShell)
🔵 Blue Team Report (Sysmon, Splunk)
🟣 Purple Team Report (Business Risk & Compliance Mapping)
⚙️ Setup Guide (Home Lab Environment)