Enterprise Attack Simulation Lab
A simulated enterprise attack scenario built to demonstrate how attackers gain initial access through phishing, move laterally through internal systems, and access sensitive organizational resources. The lab environment recreated a small business network to observe both the attacker workflow and defensive monitoring techniques.
Network Architecture Diagram
Diagram of the simulated enterprise network showing the attacker machine, employee workstations, file server, and SOC monitoring system.
Project Details
- Type: Individual Cybersecurity Lab
- Environment: Isolated virtual enterprise network
- Systems: Kali Linux, Ubuntu Server, Ubuntu SOC workstation, Windows desktops
- Focus: Attack simulation and defensive monitoring
Tools Used
Kali Linux was used to perform the attack simulation, while Wireshark was used on the SOC monitoring system to observe network activity. The environment included Windows employee workstations and an Ubuntu file server hosting internal SMB shares.
Security Assessment Overview
The objective of this project was to simulate a realistic cyber attack against a small enterprise environment in order to better understand how attackers gain access to internal systems and data. The lab recreated a simplified corporate network consisting of employee workstations, a shared file server, and a monitoring workstation representing a security operations center.
The simulation followed a typical attack chain beginning with phishing-based credential theft, followed by internal authentication and access to company file shares. Network activity was monitored during the attack to demonstrate how defenders can identify suspicious behavior and investigate potential compromises.
Attack Simulation
The attack began with a phishing email sent to an employee workstation. The email contained a link to a fake internal login page designed to capture user credentials. When the employee entered their login information, the attacker obtained the username, password, and workstation IP address.
Using the stolen credentials, the attacker authenticated to the internal Ubuntu file server and accessed shared network folders. Within the shared drive, additional documents containing internal credentials were discovered, allowing further access to company data.
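One way a defender could flag the stolen-credential logon described above, as an added example that is not part of the original lab: it compares SMB authentication records against a per-user workstation baseline and also flags a single host presenting several accounts. The IP addresses, usernames, baseline mapping, capture file name, and the assumption that the share authenticates over NTLM (so a capture export carries usernames) are constructed for illustration.

```python
import csv
import io

# Constructed lab values (assumptions, not taken from the original page).
FILE_SERVER = "10.10.0.20"
USER_WORKSTATION = {"jsmith": "10.10.0.11", "mlee": "10.10.0.12"}

# Constructed records in the shape produced by a capture export such as:
#   tshark -r capture.pcap -Y ntlmssp.auth.username -T fields -E separator=, \
#     -e frame.time_epoch -e ip.src -e ip.dst -e ntlmssp.auth.username
SAMPLE = """\
1700000000.10,10.10.0.11,10.10.0.20,jsmith
1700000050.42,10.10.0.12,10.10.0.20,mlee
1700000300.77,10.10.0.66,10.10.0.20,JSMITH
1700000420.05,10.10.0.66,10.10.0.20,mlee
1700000500.00,10.10.0.11,10.10.0.30,jsmith
"""


def find_suspicious_logons(text, file_server=FILE_SERVER, baseline=USER_WORKSTATION):
    """Return (timestamp, source_ip, account, reason) tuples for logons to the
    file server that do not match the user-to-workstation baseline."""
    alerts = []
    accounts_by_source = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue  # skip malformed or empty export lines
        ts, src, dst, user = (field.strip() for field in row)
        user = user.lower()  # Windows account names are case-insensitive
        if dst != file_server or not user:
            continue  # only logons aimed at the file server matter here
        accounts_by_source.setdefault(src, set()).add(user)
        expected = baseline.get(user)
        if expected is None:
            alerts.append((float(ts), src, user, "account not in baseline"))
        elif src != expected:
            alerts.append((float(ts), src, user, "logon from unexpected host"))
    # One source presenting several identities suggests harvested credentials.
    for src, users in sorted(accounts_by_source.items()):
        if len(users) > 1:
            alerts.append((None, src, ",".join(sorted(users)),
                           "multiple accounts from one host"))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logons(SAMPLE):
        print(alert)
```

The per-user baseline is the piece that needs upkeep in a real network: shared workstations, VPN pools, and DHCP churn all produce legitimate logons from a different address.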
Attack Demonstration Screenshots
Screenshots from the phishing simulation, credential capture, SMB share access, and Wireshark network monitoring.
Technical Implementation & Role
I designed and built the entire virtual enterprise environment, including configuring all five virtual machines and the isolated internal network. I created the phishing simulation used to harvest credentials and developed the attack workflow demonstrating how an attacker could move from initial compromise to internal file access.
I also monitored network traffic using Wireshark to analyze attacker activity and document the attack process. This project provided hands-on experience with both offensive attack simulation and defensive monitoring techniques within a controlled enterprise environment.