
New Video from @collinsinfosec: Practical Cybersecurity Projects for Skill Development
In this video, CollinsInfosec presents a series of practical projects to help cybersecurity learners develop concrete skills beyond theoretical PowerPoint presentations. The goal is to build a solid portfolio and have fun while learning. Here is a detailed summary of the recommended projects:
- Build a Custom Honeypot: Instead of using existing open-source solutions, CollinsInfosec suggests creating your own honeypot using the programming language of your choice. This project involves simulating common services and protocols like HTTP, SSH, and FTP, and setting up log monitoring to observe intrusion attempts. This helps in understanding how attackers interact with vulnerable services and learning to trap them.
- Deploy a Security Information and Event Management (SIEM) System: CollinsInfosec recommends deploying a SIEM like Splunk, ELK Stack, or Graylog. By configuring a dedicated server to collect and analyze logs from different systems, you can learn to integrate various log sources and analyze suspicious behaviors. Using tools like Atomic Red Team to simulate attacks allows you to test and improve your log investigation skills.
- Develop Your Own Threat Intelligence Feeds: By aggregating information from various sources like news sites and RSS APIs, you can create a custom web application to track threats in real-time. This project helps you get familiar with APIs and stay informed about the latest trends in cybersecurity.
- Web Application Security Labs: Use tools like Damn Vulnerable Web App, OWASP Juice Shop, and Burp Suite to practice attacks and defenses on web applications. These environments help you understand common vulnerabilities and learn to exploit and fix them.
- Write Your Own Info Stealer: By developing a program to steal sensitive information like files and session cookies, you can learn the fundamentals of operating systems and information theft mechanisms. This project helps in understanding how attackers can extract sensitive data.
- Active Directory Lab and Defense: Set up an Active Directory environment with a Windows domain controller and several associated machines. This project allows you to practice common attacks like Kerberoasting, Pass-the-Hash, and privilege escalation, while learning the associated defenses.
- 30-Day Linux Challenge: Use a Linux distribution as your primary operating system for 30 days to familiarize yourself with the basics of Linux and its security implications. This challenge forces you to learn basic commands and navigate a Linux environment.
- Set Up a Kubernetes Cluster: Deploy a Kubernetes cluster and use Falco for security monitoring. This project helps you understand the basic concepts of Kubernetes, such as pods and containers, and learn to secure a Kubernetes environment.
- Prompt Injection with LLM: With the rise of AI agents and LLMs, it is crucial to understand the security implications. The game Gandalf offers seven levels to learn prompt injection techniques, a fun and educational challenge.
- Raspberry Pi Project: Pi Hole, PiVPN, PyTor: Use a Raspberry Pi to deploy an ad blocker, a WireGuard VPN, and Tor. This project allows you to create a security gadget for your home network and learn to secure your personal environment.
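
For the first project in the list, a minimal low-interaction honeypot as an added example (not code from the video): it imitates an FTP login dialogue, never authenticates anyone, and records every command as one JSON line for later log monitoring. The banner text, port 2121 and the file name `honeypot.jsonl` are assumptions chosen for illustration.

```python
import json
import socket
import threading
from datetime import datetime, timezone

BANNER = b"220 FTP server ready\r\n"  # constructed banner (assumption), not a real product string
MAX_LINE = 256   # cap untrusted input before it reaches the log
MAX_CMDS = 10    # end the session after a few commands


def handle_client(conn, peer, sink):
    """Run a fake FTP dialogue on conn; log and return one event per command."""
    events = []
    conn.settimeout(10)  # do not let a silent client hold a thread forever
    try:
        with conn, conn.makefile("rb") as reader:
            conn.sendall(BANNER)
            for _ in range(MAX_CMDS):
                line = reader.readline(MAX_LINE)
                if not line:
                    break
                verb, _, arg = line.decode("latin-1").strip().partition(" ")
                verb = verb.upper()
                event = {"ts": datetime.now(timezone.utc).isoformat(),
                         "src": peer[0], "verb": verb, "arg": arg}
                # json.dumps escapes control characters, so a client cannot
                # forge extra log lines by embedding newlines in its input.
                sink.write(json.dumps(event) + "\n")
                events.append(event)
                if verb == "USER":
                    conn.sendall(b"331 Password required\r\n")
                elif verb == "QUIT":
                    conn.sendall(b"221 Goodbye\r\n")
                    break
                else:
                    conn.sendall(b"530 Login incorrect\r\n")  # every login fails
    except OSError:
        pass  # timeouts and resets are expected from scanners
    return events


def serve(host="127.0.0.1", port=2121, logfile="honeypot.jsonl"):
    """Accept connections forever; host, port and logfile are illustrative defaults."""
    with socket.create_server((host, port)) as srv, open(logfile, "a", buffering=1) as sink:
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=handle_client, args=(conn, peer, sink), daemon=True).start()


if __name__ == "__main__":
    serve()
```

The resulting JSON-lines file can be shipped to the SIEM from the second project as one of its log sources.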
These projects offer a practical opportunity to apply theoretical cybersecurity concepts in real-world scenarios. They help develop technical skills, build a solid portfolio, and stay updated with the latest security trends.
For more details, watch the full video: https://www.youtube.com/watch?v=8aJYPcGn_N8